  • L2TP and IPsec over L2TP

    With L2TP already up on the network, add encryption on top of it.

    R1

    R1#show run
    Building configuration...

    Current configuration : 2158 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R1
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    !
    multilink bundle-name authenticated
    !
    vpdn enable
    !
    vpdn-group 1
    ! Default L2TP VPDN group
    accept-dialin
    protocol l2tp
    virtual-template 1
    l2tp tunnel password 123456
    l2tp tunnel receive-window 1024
    !
    vpdn-group 2
    accept-dialin
    protocol l2tp
    virtual-template 2
    terminate-from hostname lucifer
    l2tp tunnel password 123456
    l2tp tunnel receive-window 1024
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    username test password test
    archive
    log config
    hidekeys
    !
    !
    crypto isakmp policy 10
    hash md5
    authentication pre-share
    crypto isakmp key 654321 address 0.0.0.0 0.0.0.0
    !
    !
    crypto ipsec transform-set ike2 esp-des esp-md5-hmac
    !
    crypto dynamic-map dymap 1
    set transform-set ike2
    !
    !
    crypto map mymap 10 ipsec-isakmp dynamic dymap
    !
    !
    !
    ip tcp synwait-time 5
    !
    !
    !
    !
    interface Loopback0
    ip address 10.200.1.1 255.255.255.0
    !
    interface Loopback1
    ip address 10.200.2.1 255.255.255.0
    !
    interface FastEthernet0/0
    ip address 12.1.1.3 255.255.255.0 secondary
    ip address 12.1.1.1 255.255.255.0
    duplex auto
    speed auto
    no shut
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet1/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Virtual-Template1
    ip unnumbered Loopback0
    peer default ip address pool test1
    ppp authentication chap
    !
    interface Virtual-Template2
    ip unnumbered Loopback0
    peer default ip address pool test1
    ppp authentication chap
    crypto map mymap
    !
    ip local pool test1 10.200.1.110 10.200.1.120
    ip local pool test2 10.200.2.110 10.200.2.120
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 12.1.1.2
    !
    !
    no ip http server
    no ip http secure-server
    !
    no cdp log mismatch duplex
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    login
    !
    !
    end

    --------------------------------------------------------------------------------------------------------------------

    R2#show run
    Building configuration...

    Current configuration : 1157 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R2
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    ip tcp synwait-time 5
    !
    !
    !
    !
    interface Loopback0
    ip address 2.2.2.2 255.255.255.255
    ip router isis
    !
    interface FastEthernet0/0
    ip address 12.1.1.2 255.255.255.0
    duplex auto
    speed auto
    no shut
    !
    interface FastEthernet0/1
    ip address 23.1.1.2 255.255.255.0
    ip router isis
    duplex auto
    speed auto
    no shut
    !
    interface FastEthernet1/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    router isis
    net 10.0000.0000.0002.00
    redistribute connected
    !
    ip forward-protocol nd
    !
    !
    no ip http server
    no ip http secure-server
    !
    no cdp log mismatch duplex
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    login
    !
    !
    end

    --------------------------------------------------------------------------------------------------------

    R3#show run
    Building configuration...

    Current configuration : 1510 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R3
    !
    boot-start-marker
    boot-end-marker
    !
    !
    aaa new-model
    !
    !
    aaa authentication ppp default local
    !
    !
    aaa session-id common
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    username jiachunwang password zero
    archive
    log config
    hidekeys
    !
    !
    !
    !
    ip tcp synwait-time 5
    !
    !
    !
    bba-group pppoe chia
    virtual-template 1
    !
    !
    interface Loopback0
    ip address 3.3.3.3 255.255.255.255
    ip router isis
    !
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    pppoe enable group chia
    no shut
    !
    interface FastEthernet0/1
    ip address 23.1.1.3 255.255.255.0
    ip router isis
    duplex auto
    speed auto
    no shut
    !
    interface FastEthernet1/0
    no ip address
    duplex auto
    speed auto
    pppoe enable group chia
    no shut
    !
    interface Virtual-Template1
    ip address 34.1.1.3 255.255.255.0
    peer default ip address pool zero
    ppp authentication chap
    ppp ipcp mask 255.255.255.0
    !
    router isis
    net 10.0000.0000.0003.00
    redistribute connected
    !
    ip local pool zero 34.1.1.100 34.1.1.200
    ip forward-protocol nd
    !
    !
    no ip http server
    no ip http secure-server
    !
    no cdp log mismatch duplex
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    !
    !
    end

    --------------------------------------------------------------------------------------------

    R4#show run
    Building configuration...

    Current configuration : 1812 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R4
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    !
    !
    no ip dhcp use vrf connected
    !
    ip dhcp pool zero
    origin ipcp
    !
    !
    no ip domain lookup
    l2tp-class test
    authentication
    password 123456
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    ip tcp synwait-time 5
    pseudowire-class test
    encapsulation l2tpv2
    protocol l2tpv2 test
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    no shut
    !
    interface FastEthernet0/1
    ip address 192.168.45.4 255.255.255.0
    ip nat inside
    ip nat enable
    ip virtual-reassembly
    duplex auto
    speed auto
    no shut
    !
    interface FastEthernet1/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Virtual-PPP1
    ip address negotiated
    ip nat outside
    ip nat enable
    ip virtual-reassembly
    ppp chap hostname test
    ppp chap password test
    pseudowire 12.1.1.1 1 pw-class test
    !
    interface Dialer1
    ip address pool zero
    encapsulation ppp
    dialer pool 1
    ppp chap hostname jiachunwang
    ppp chap password zero
    ppp ipcp mask request
    ppp ipcp route default
    ppp ipcp address accept
    !
    ip forward-protocol nd
    !
    !
    no ip http server
    no ip http secure-server
    ip nat source list 100 interface Virtual-PPP1 overload
    !
    access-list 100 permit ip 192.168.0.0 0.0.255.255 10.0.0.0 0.255.255.255
    no cdp log mismatch duplex
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    login
    !
    !
    end

    ----------------------------------------------------------------------------------------------------------------------

    R5#show run
    Building configuration...

    Current configuration : 1032 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R5
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    ip tcp synwait-time 5
    !
    !
    !
    !
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address 192.168.45.5 255.255.255.0
    duplex auto
    speed auto
    no shut
    !
    interface FastEthernet1/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 192.168.45.4
    !
    !
    no ip http server
    no ip http secure-server
    !
    no cdp log mismatch duplex
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    login
    !
    !
    end

    -------------------------------------------------------------------------------------------------------------------

    R6#show run
    Building configuration...

    Current configuration : 2259 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R6
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    !
    !
    no ip dhcp use vrf connected
    !
    ip dhcp pool zero
    origin ipcp
    !
    !
    no ip domain lookup
    l2tp-class l2x
    authentication
    password 123456
    hostname lucifer
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    crypto isakmp policy 10
    hash md5
    authentication pre-share
    crypto isakmp key 654321 address 10.200.1.1
    !
    !
    crypto ipsec transform-set ike2 esp-des esp-md5-hmac
    !
    crypto dynamic-map dymap 1
    set transform-set ike2
    !
    !
    crypto map mymap 1 ipsec-isakmp
    set peer 10.200.1.1
    set transform-set ike2
    match address 100
    crypto map mymap 10 ipsec-isakmp dynamic dymap
    !
    !
    !
    ip tcp synwait-time 5
    pseudowire-class pse
    encapsulation l2tpv2
    protocol l2tpv2 l2x
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    ip address 67.1.1.6 255.255.255.0
    ip nat inside
    ip nat enable
    ip virtual-reassembly
    duplex auto
    speed auto
    no shut
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet1/0
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    no shut
    !
    interface Virtual-PPP1
    ip address negotiated
    ip nat outside
    ip nat enable
    ip virtual-reassembly
    ppp chap hostname test
    ppp chap password test
    pseudowire 12.1.1.1 1 pw-class pse
    crypto map mymap
    !
    interface Dialer1
    ip address pool zero
    encapsulation ppp
    dialer pool 1
    ppp chap hostname jiachunwang
    ppp chap password zero
    ppp ipcp mask request
    ppp ipcp route default
    ppp ipcp address accept
    !
    ip forward-protocol nd
    !
    !
    no ip http server
    no ip http secure-server
    ip nat source list 101 interface Virtual-PPP1 overload
    !
    access-list 100 permit ip 10.200.0.0 0.0.255.255 10.200.0.0 0.0.255.255
    access-list 101 permit ip 67.1.0.0 0.0.255.255 10.0.0.0 0.255.255.255
    no cdp log mismatch duplex
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    login
    !
    !
    end

    ----------------------------------------------------------------------------------------------

    R7#show run
    Building configuration...

    Current configuration : 1024 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R7
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    memory-size iomem 5
    no ip icmp rate-limit unreachable
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    ip tcp synwait-time 5
    !
    !
    !
    !
    interface FastEthernet0/0
    ip address 67.1.1.7 255.255.255.0
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet1/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 67.1.1.6
    !
    !
    no ip http server
    no ip http secure-server
    !
    no cdp log mismatch duplex
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line aux 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    login
    !
    !
    end
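
The IPsec settings in the R1 and R6 configurations above (DES, MD5, a wildcard pre-shared key, cleartext secrets) are what a configuration review would flag first. The following audit script is an added example, not part of the original post; the rule names are chosen here, and the excerpt is copied from R1's running-config.

```python
import re

# Crypto-related lines copied from the R1 running-config on this page.
R1_EXCERPT = """\
no service password-encryption
l2tp tunnel password 123456
crypto isakmp policy 10
hash md5
authentication pre-share
crypto isakmp key 654321 address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set ike2 esp-des esp-md5-hmac
"""

# Single-line rules: (rule id chosen for this example, pattern, reason).
LINE_RULES = [
    ("cleartext-secrets", r"^no service password-encryption$", "secrets shown in cleartext"),
    ("wildcard-psk", r"^crypto isakmp key \S+ address 0\.0\.0\.0\b", "key accepted from any peer"),
    ("des", r"^crypto ipsec transform-set .*\besp-des\b", "56-bit DES for ESP encryption"),
    ("md5", r"^(hash md5$|crypto ipsec transform-set .*\besp-md5-hmac\b)", "MD5-based integrity"),
    ("short-secret", r"^(l2tp tunnel password|crypto isakmp key) \d{1,8}( |$)", "short numeric secret"),
]

def audit(config):
    """Return sorted (line_no, rule_id) findings for an IOS running-config."""
    findings, policy = [], None  # policy = [start_line, keywords seen in the stanza]
    lines = [l.strip() for l in config.splitlines()] + ["!"]  # sentinel closes a final stanza
    for no, line in enumerate(lines, 1):
        for rule_id, pattern, _reason in LINE_RULES:
            if re.search(pattern, line):
                findings.append((no, rule_id))
        if policy and (line == "!" or line.startswith("crypto ")):
            # ISAKMP policy stanza ended: unset values fall back to IOS defaults,
            # which on IOS 12.4 are 56-bit DES and Diffie-Hellman group 1.
            if not policy[1] & {"encryption", "encr"}:
                findings.append((policy[0], "policy-default-encryption"))
            if "group" not in policy[1]:
                findings.append((policy[0], "policy-default-group"))
            policy = None
        if line.startswith("crypto isakmp policy "):
            policy = [no, set()]
        elif policy and line:
            policy[1].add(line.split()[0])
    return sorted(findings)

if __name__ == "__main__":
    why = {rule_id: reason for rule_id, _p, reason in LINE_RULES}
    for no, rule_id in audit(R1_EXCERPT):
        print(no, rule_id, why.get(rule_id, "IOS default applies"))
```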

  • Original article: https://www.cnblogs.com/chia/p/13408371.html