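The site has multiple VPN instances, each with several subnets. The customer requires that only some subnets be reachable between two of the VPN instances. In the example topology, 192.168.1.0/24 in vpn1 must be able to reach 192.168.2.0/24 in vpn2, but must not be able to reach 192.168.3.0/24 in vpn2.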
acl advanced 3001
 rule 0 permit ip source 192.168.2.0 0.0.0.255
#
acl advanced 3002
 rule 0 permit ip source 192.168.1.0 0.0.0.255
#
route-policy guolv1 permit node 1
 if-match ip address acl 3001
#
route-policy guolv2 permit node 1
 if-match ip address acl 3002
#
ip vpn-instance vpn1
 #
 address-family ipv4
  route-replicate from vpn-instance vpn2 protocol direct route-policy guolv1
#
ip vpn-instance vpn2
 #
 address-family ipv4
  route-replicate from vpn-instance vpn1 protocol direct route-policy guolv2
#
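This case mainly relies on route import (route replication) and routing policy. If routes need to be imported between the public network and a VPN instance, refer to the configuration below. Whether the public instance can import VPN instance routes depends on the device and software version.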
# Import the active OSPF routes of VPN instance vpn1 into the public network.
<Sysname> system-view
[Sysname] ip public-instance
[Sysname-public-instance] address-family ipv4
[Sysname-public-instance-ipv4] route-replicate from vpn-instance vpn1 protocol ospf 1
# Import the active public-network OSPF routes into VPN instance vpn1.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] address-family ipv4
[Sysname-vpn-ipv4-vpn1] route-replicate from public protocol ospf 1
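To check the intent of the vpn1/vpn2 filtering configuration above before deploying it, the following added example (not part of the original case and not vendor code) models the ACL-filtered route replication offline. It assumes the ACL "source" field is compared with the route's destination network address, that unmatched routes are dropped by the implicit deny, and that each instance has only the direct routes listed; the host addresses are constructed samples.

```python
import ipaddress

def acl_permits(route, acl_rules):
    """True if the route's network address matches a permit rule (addr, wildcard).
    Assumption: the ACL 'source' field is compared with the route's destination
    network address; routes matching no rule hit the implicit deny."""
    net = int(ipaddress.ip_network(route).network_address)
    for addr, wildcard in acl_rules:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if net & care == int(ipaddress.ip_address(addr)) & care:
            return True
    return False

def replicate(direct_routes, acl_rules):
    """Routes copied into the importing instance after the route-policy filter."""
    return [r for r in direct_routes if acl_permits(r, acl_rules)]

def has_route(table, dst_ip):
    """True if any prefix in the table covers dst_ip."""
    ip = ipaddress.ip_address(dst_ip)
    return any(ip in ipaddress.ip_network(r) for r in table)

# Constructed sample data matching the case: direct routes per instance.
DIRECT = {"vpn1": ["192.168.1.0/24"],
          "vpn2": ["192.168.2.0/24", "192.168.3.0/24"]}
ACL = {3001: [("192.168.2.0", "0.0.0.255")],   # referenced by guolv1
       3002: [("192.168.1.0", "0.0.0.255")]}   # referenced by guolv2

def build_tables():
    """Each instance's table = its own direct routes + the filtered replicas."""
    return {"vpn1": DIRECT["vpn1"] + replicate(DIRECT["vpn2"], ACL[3001]),
            "vpn2": DIRECT["vpn2"] + replicate(DIRECT["vpn1"], ACL[3002])}

def two_way(tables, a_vpn, a_ip, b_vpn, b_ip):
    """Two-way communication needs a route in both directions."""
    return has_route(tables[a_vpn], b_ip) and has_route(tables[b_vpn], a_ip)

if __name__ == "__main__":
    t = build_tables()
    print(t)
    print(two_way(t, "vpn1", "192.168.1.10", "vpn2", "192.168.2.10"))
    print(two_way(t, "vpn1", "192.168.1.10", "vpn2", "192.168.3.10"))
```

In this model vpn2 still holds a route to 192.168.1.0/24 for every host in it, so the block on 192.168.3.0/24 comes only from vpn1 lacking a return route.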