Добрый деньПодскажите, пожалуйста, как на линуксе поднять gre тоннель на основе конфигурации cisco -- вот настройка на cisco , необходимо воплотить то же самое на линуксе. Ipsec тоннели поднять смог, остались gre. Для меня сложность -- как получить доступ к узлу 10.144.254.1. Спасибо
# Вкратце о GRE соединении
Vladimir VPN Peer IP: 83.167.115.174
CME VPN Peer IP: 128.177.22.14
----------------------------------------------------
GRE Tunnel Address (Vladimir): 10.144.2.154
GRE Tunnel Address (CME Group): 10.144.2.153
The RP IP: 10.132.19.8
Vladimir GRE Tunnel Source IP: 10.144.0.112
CME GRE Tunnel Source IP: 10.144.254.1 ( Tunnel Destination for Vladimir)
------------------------------------------------------
#Cisco sample configuration
ip multicast-routing #(only required for MDP access)
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
crypto isakmp key VLaDiMiR
address 128.177.22.14
!
crypto ipsec transform-set cmevpn esp-3des esp-md5-hmac
!
crypto map cmevpn 1 ipsec-isakmp
set peer 128.177.22.14
set transform-set cmevpn
match address 100
!
interface Loopback0 #(Leave interface shutdown if MDP access not required)
ip address 10.144.0.112 255.255.255.255
shutdown
!
interface Tunnel0 #(Leave interface shutdown if MDP access not required)
ip address 10.144.2.154 255.255.255.252
ip pim sparse-mode
tunnel source 10.144.0.112
tunnel destination 10.144.254.1
shutdown
!
interface fa0/0
ip address 10.144.112.1 255.255.255.0
ip pim sparse-mode #(only required for MDP access)
duplex auto
speed auto
no cdp enable
!
interface fa0/1
ip address 83.167.115.174 255.255.255. x # (Customer public interface)
crypto map cmevpn
ip access-group 199 in
!
ip route 10.132.19.0 255.255.255.0 Tunnel0 #(only required for MDP access)
#(the following route statements can be replaced with a default route statement)
ip route 10.135.70.0 255.255.255.0 (ip address of corporate internet router)
ip route 10.135.71.0 255.255.255.0 (ip address of corporate internet router)
ip route 10.135.172.0 255.255.255.0 (ip address of corporate internet router)
ip route 10.135.173.0 255.255.255.0 (ip address of corporate internet router)
ip route 10.140.120.0 255.255.255.0 (ip address of corporate internet router)
ip route 10.140.18.0 255.255.255.0 (ip address of corporate internet router)
ip route 10.1.16.0 255.255.255.0 (ip address of corporate internet router)
ip route 10.1.63.0 255.255.255.0 (ip address of corporate internet router)
ip route 10.144.254.1 255.255.255.255 (ip address of corporate internet router)
ip classless
no ip http server
no ip http secure-server
ip pim rp-addess 10.132.19.8 #(only required for MDP access)
ip mroute 10.132.19.0 255.255.255.0 tunnel0 #(only required for MDP access)
access-list 100 permit ip 10.144.112.0 0.0.0.255 10.135.70.0 0.0.0.255
access-list 100 permit ip 10.144.112.0 0.0.0.255 10.135.71.0 0.0.0.255
access-list 100 permit ip 10.144.112.0 0.0.0.255 10.135.172.0 0.0.0.255
access-list 100 permit ip 10.144.112.0 0.0.0.255 10.135.173.0 0.0.0.255
access-list 100 permit ip 10.144.112.0 0.0.0.255 10.140.120.0 0.0.0.255
access-list 100 permit ip 10.144.112.0 0.0.0.255 10.140.18.0 0.0.0.255
access-list 100 permit ip 10.144.112.0 0.0.0.255 10.1.16.0 0.0.0.255
access-list 100 permit ip 10.144.112.0 0.0.0.255 10.1.63.0 0.0.0.255
access-list 100 permit gre host 10.144.0.112 host 10.144.254.1 #(only required for MDP access)
access-list 199 permit gre host 10.144.254.1 host 10.144.0.112 #(only required for MDP access)
access-list 199 permit ip 10.135.70.0 0.0.0.255 10.144.112.0 0.0.0.255
access-list 199 permit ip 10.135.71.0 0.0.0.255 10.144.112.0 0.0.0.255
access-list 199 permit ip 10.135.172.0 0.0.0.255 10.144.112.0 0.0.0.255
access-list 199 permit ip 10.135.173.0 0.0.0.255 10.144.112.0 0.0.0.255
access-list 199 permit ip 10.140.120.0 0.0.0.255 10.144.112.0 0.0.0.255
access-list 199 permit ip 10.1.18.0 0.0.0.255 10.144.112.0 0.0.0.255
access-list 199 permit ip 10.1.16.0 0.0.0.255 10.144.112.0 0.0.0.255
access-list 199 permit ip 10.1.63.0 0.0.0.255 10.144.112.0 0.0.0.255
access-list 199 permit udp any any eq isakmp
access-list 199 permit ahp any any
access-list 199 permit esp any any
Версия для распечатки
Gre tunnel linux <-> cisco, 
vivanov, 01-Фев-11, 01:31 [смотреть все]
