问题描述:
公司A使用的3620路由,内网IP192.168.1.0,静态路由中可以看到与公司B的2600路由器内网IP192.168.11.0已实现相互访问。
目前,公司B的2600路由公网固定IP地址需要更换,如何设置才能继续实现两个公司互相访问?
请各位大神帮忙!!!
组网及组网描述:
- 2022-12-26提问
- 举报
-
(0)
如果公司AB各有公网地址,私网之间要互访,那需要公网上有vpn。常见的vpn是gre和ipsec。
如果是gre,那现有配置应该是A的静态路由指向自己的gre隧道,B的静态路由也指向自己的gre隧道,当B变公网地址时,需要改的是A的gre隧道destination地址,和B的gre隧道source地址。AB的静态路由都不用改,仍指向原来的gre隧道编号。
如果是ipsec,AB到对端私网地址的路由都是指向自己的WAN口。那B变公网地址,主要需要改A的ipsec配置中的remote address,AB的静态路由都不需要改。
- 2022-12-26回答
- 评论(3)
- 举报
-
(1)
需要改的是A的gre隧道destination地址,A在gre隧道在哪里找,虚拟专网里面是空的
zhiliao_u8DpSr
发表时间:2022-12-27
需要改的是A的gre隧道destination地址,我不知道在web页面中怎么修改destination地址
zhiliao_u8DpSr
发表时间:2022-12-28
我的设备不知道为啥登不上去了,暂时没办法贴图跟你说。看看能不能找到gre功能的页面,改一下gre隧道目的地址? 另外,我看下面的配置感觉有点奇怪,有两个gre tunnel,但是目的都是2.2.2.2、3.3.3.3这种不应该出现在公网的地址,我不确定你是用的私网,还是用ipsec打通的2.2.2.2和3.3.3.3。所以我觉得可以先只改gre的目的ip,如果不行,可能要调整ipsec的配置。
Guohao
发表时间:2022-12-29
zhiliao_u8DpSr
知了小白
- #
- version 7.1.064, Release 0707P12
- #
- sysname MSR3620
- #
- telnet server enable
- #
- dhcp enable
- dhcp server forbidden-ip 192.168.1.2 192.168.1.99
- dhcp server forbidden-ip 192.168.1.199 192.168.1.255
- dhcp server always-broadcast
- #
- dns proxy enable
- #
- password-recovery enable
- #
- vlan 1
- #
- dhcp server ip-pool 1
- gateway-list 192.168.1.1
- network 192.168.1.0 mask 255.255.255.0
- address range 192.168.1.100 192.168.1.200
- dns-list 202.102.224.68 202.102.227.68
- #
- dhcp server ip-pool 2
- gateway-list 192.168.9.1
- network 192.168.9.0 mask 255.255.255.0
- address range 192.168.9.100 192.168.9.200
- dns-list 202.102.224.68 202.102.227.68
- #
- dhcp server ip-pool GigabitEthernet0/3
- gateway-list 192.168.6.1
- network 192.168.6.0 mask 255.255.255.0
- address range 192.168.6.100 192.168.6.200
- dns-list 202.102.224.68 202.102.227.68
- #
- dhcp server ip-pool GigabitEthernet0/4
- gateway-list 192.168.7.1
- network 192.168.7.0 mask 255.255.255.0
- address range 192.168.7.100 192.168.7.200
- dns-list 202.102.224.68 202.102.227.68
- #
- dhcp server ip-pool lan1
- gateway-list 192.168.0.1
- network 192.168.0.0 mask 255.255.254.0
- address range 192.168.1.2 192.168.1.254
- dns-list 192.168.0.1
- #
- controller Cellular0/0
- #
- interface Virtual-Template0
- #
- interface NULL0
- #
- interface GigabitEthernet0/0
- port link-mode route
- description Multiple_Line
- combo enable copper
- ip address 1.1.1.1 255.255.255.240
- dns server 202.102.224.68
- dns server 202.102.227.68
- tcp mss 1280
- packet-filter name GigabitEthernet0/0 inbound
- nat outbound
- nat server protocol tcp global 192.168.9.219 8990 inside 192.168.1.219 8990
- nat static enable
- dhcp server apply ip-pool 2
- ipsec apply policy MER
- #
- interface GigabitEthernet0/2
- port link-mode route
- combo enable copper
- ip address 192.168.1.1 255.255.255.0
- nat static enable
- dhcp server apply ip-pool 1
- #
- interface GigabitEthernet0/3
- port link-mode route
- combo enable copper
- speed 1000
- ip address 192.168.6.1 255.255.255.0
- nat static enable
- #
- interface GigabitEthernet0/4
- port link-mode route
- ip address 192.168.7.1 255.255.255.0
- nat static enable
- #
- #
- interface Tunnel1 mode gre
- ip address 192.168.50.2 255.255.255.0
- source GigabitEthernet0/0
- destination 3.3.3.3
- gre key 123456
- #
- interface Tunnel2 mode gre
- description maotang
- ip address 192.168.60.1 255.255.255.0
- source 1.1.1.1
- destination 2.2.2.2
- #
- security-zone name Local
- #
- security-zone name Trust
- #
- security-zone name DMZ
- #
- security-zone name Untrust
- #
- security-zone name Management
- #
- scheduler logfile size 16
- #
- line class console
- user-role network-admin
- #
- line class tty
- user-role network-operator
- #
- line class usb
- user-role network-admin
- #
- line class vty
- user-role network-operator
- #
- line con 0
- user-role network-admin
- #
- line vty 0 63
- authentication-mode scheme
- user-role network-operator
- #
- ip route-static 0.0.0.0 0 GigabitEthernet0/0 1.1.1.2
- ip route-static 192.168.5.0 24 Tunnel1
- ip route-static 192.168.10.0 24 Tunnel1
- ip route-static 192.168.11.0 24 Tunnel2
- #
- undo info-center enable
- #
- acl advanced name GigabitEthernet0/0
- rule 0 permit ip source 202.110.114.0 0.0.0.255 destination 202.110.114.0 0.0.0.255
- #
- password-control enable
- undo password-control aging enable
- undo password-control history enable
- password-control length 6
- password-control login-attempt 3 exceed lock-time 10
- password-control update-interval 0
- password-control login idle-time 0
- password-control complexity user-name check
- #
- domain system
- #
- domain default enable system
- #
- role name level-0
- description Predefined level-0 role
- #
- role name level-1
- description Predefined level-1 role
- #
- role name level-2
- description Predefined level-2 role
- #
- role name level-3
- description Predefined level-3 role
- #
- role name level-4
- description Predefined level-4 role
- #
- role name level-5
- description Predefined level-5 role
- #
- role name level-6
- description Predefined level-6 role
- #
- role name level-7
- description Predefined level-7 role
- #
- role name level-8
- description Predefined level-8 role
- #
- role name level-9
- description Predefined level-9 role
- #
- role name level-10
- description Predefined level-10 role
- #
- role name level-11
- description Predefined level-11 role
- #
- role name level-12
- description Predefined level-12 role
- #
- role name level-13
- description Predefined level-13 role
- #
- role name level-14
- description Predefined level-14 role
- #
- user-group system
- #
- local-user admin class manage
- service-type telnet http
- authorization-attribute user-role network-admin
- #
- connection-limit policy 32
- #
- ipsec transform-set MER
- esp encryption-algorithm 3des-cbc
- esp authentication-algorithm sha1
- #
- ipsec policy MER 65535 isakmp
- transform-set MER
- security acl 3000
- remote-address 2.2.2.3
- ike-profile MER
- sa duration time-based 3600
- sa duration traffic-based 1843200
- #
- ike profile MER
- keychain MER
- local-identity address 1.1.1.1
- match remote identity address 2.2.2.3 255.255.255.255
- proposal 65535
- #
- ike proposal 65535
- encryption-algorithm 3des-cbc
- authentication-algorithm md5
- #
- ike keychain MER
- pre-shared-key address 2.2.2.3 255.255.255.255 key cipher $c$3$1UGdCFDnMMpggJDgSNnldi8fog5gnYB/6g==
- #
- ip https port 65432
- ip http enable
- ip https enable
- #
- wlan global-configuration
- #
- wlan ap-group default-group
- vlan 1
- #
- return
- 2022-12-27回答
- 评论(2)
- 举报
-
(0)
这个是A公司的路由配置,外网固定IP用1.1.1.1表示,公司B用2.2.2.2和网关2.2.2.3表示
zhiliao_u8DpSr
发表时间:2022-12-27
公司A用的3620,当时用的命令调试的,我在web配置了虚拟专网IPSEC VPN,原来是没有的
zhiliao_u8DpSr
发表时间:2022-12-27
编辑答案
➤
✖
亲~登录后才可以操作哦!
确定
✖
✖
你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
✖
举报
×
侵犯我的权益
>
对根叔社区有害的内容
>
辱骂、歧视、挑衅等(不友善)
侵犯我的权益
×
侵犯了我企业的权益
>
抄袭了我的内容
>
诽谤我
>
辱骂、歧视、挑衅等(不友善)
骚扰我
侵犯了我企业的权益
×
您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。
抄袭了我的内容
×
原文链接或出处
诽谤我
×
您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。
对根叔社区有害的内容
×
垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载
>
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票
不规范转载
×
举报说明