Ruijie NAT + GRE over IPsec network setup
2026/6/19 16:11:19

1 Network topology

1. Headquarters and the branch each have a single uplink to the Internet. Internal connectivity between the two sites is provided by NAT for Internet access together with a GRE over IPsec VPN for site-to-site traffic.

2 Device configuration

2.1 R11 configuration

hostname R11
!
interface GigabitEthernet 0/0
 ip address 1.1.1.1 255.255.255.0
!
interface Loopback 0
 ip address 192.168.1.1 255.255.255.255
!
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!

2.2 R12 configuration: NAT and GRE + IPsec

hostname R12
!
ip access-list extended 100    // IPsec interesting traffic: the GRE tunnel endpoints
 5 permit ip host 202.1.1.1 host 203.1.1.2
!
ip access-list extended 110    // NAT: exempt site-to-site traffic, translate everything else
 10 deny ip host 192.168.1.1 host 192.168.10.1
 15 permit ip host 192.168.1.1 any
!
ip nat inside source list 110 interface GigabitEthernet 0/1 overload
!
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 hash md5
 group 2
!
crypto isakmp keepalive 5 periodic
!
crypto isakmp key 7 151b5f72 address 203.1.1.2
crypto ipsec transform-set 1 esp-3des esp-md5-hmac
!
crypto map 1 1 ipsec-isakmp
 set peer 203.1.1.2
 set transform-set 1
 match address 100
!
interface GigabitEthernet 0/0
 ip address 1.1.1.2 255.255.255.0
 ip nat inside
!
interface GigabitEthernet 0/1
 ip address 202.1.1.1 255.255.255.0
 crypto map 1
 ip nat outside
!
interface Tunnel 1
 ip address 10.1.1.1 255.255.255.0
 tunnel source 202.1.1.1
 tunnel destination 203.1.1.2
!
ip route 0.0.0.0 0.0.0.0 202.1.1.2
ip route 192.168.1.1 255.255.255.255 1.1.1.1
!

2.3 ISP configuration

hostname ISP
!
interface GigabitEthernet 0/0
 ip address 203.1.1.1 255.255.255.0
!
interface GigabitEthernet 0/1
 ip address 202.1.1.2 255.255.255.0
!
interface Loopback 0
 ip address 8.8.8.8 255.255.255.255
!

2.4 R14 configuration: NAT and GRE + IPsec

hostname R14
!
ip access-list extended 100    // IPsec interesting traffic: the inner hosts here, unlike R12, where ACL 100 matches the GRE tunnel endpoints
 10 permit ip host 192.168.10.1 host 192.168.1.1
!
ip access-list extended 110    // NAT: exempt site-to-site traffic, translate everything else
 10 deny ip host 192.168.10.1 host 192.168.1.1
 15 permit ip host 192.168.10.1 any
!
ip nat inside source list 110 interface GigabitEthernet 0/0 overload
!
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2                       // no hash line: the device default applies (SHA, per the show output below)
!
crypto isakmp keepalive 5 periodic
!
crypto isakmp key 7 06576c50 address 202.1.1.1
crypto ipsec transform-set 1 esp-3des esp-md5-hmac
!
crypto map 1 1 ipsec-isakmp
 set peer 202.1.1.1
 set transform-set 1
 match address 100
!
interface GigabitEthernet 0/0
 ip address 203.1.1.2 255.255.255.0
 crypto map 1
 ip nat outside
!
interface GigabitEthernet 0/1
 ip address 2.2.2.2 255.255.255.0
 ip nat inside
!
interface Tunnel 1
 ip address 10.1.1.2 255.255.255.0
 tunnel source 203.1.1.2
 tunnel destination 202.1.1.1
!
ip route 0.0.0.0 0.0.0.0 203.1.1.1
ip route 192.168.10.1 255.255.255.255 2.2.2.1
!

2.5 R15 configuration

hostname R15
!
interface GigabitEthernet 0/0
!
interface GigabitEthernet 0/1
 ip address 2.2.2.1 255.255.255.0
!
interface Loopback 0
 ip address 192.168.10.1 255.255.255.255
!
ip route 0.0.0.0 0.0.0.0 2.2.2.2
!
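The two interesting-traffic ACLs above are not symmetric: R12's ACL 100 matches the GRE endpoints (202.1.1.1 to 203.1.1.2), which is what GRE over IPsec needs, while R14's ACL 100 matches the inner loopbacks; both routers also rely on 3DES, MD5 and DH group 2, and only R12 sets an IKE hash. The audit script below is an added example (not the article's or Ruijie's code) that reads a configuration in the format shown and reports exactly those points; the R14 excerpt it carries is constructed from the page.

```python
import re
# Constructed excerpt of the R14 configuration from the article (its own addresses and
# ACL numbers); the audit is an added example, not the author's or Ruijie's code.
R14_CONFIG = """\
ip access-list extended 100
 10 permit ip host 192.168.10.1 host 192.168.1.1
ip access-list extended 110
 10 deny ip host 192.168.10.1 host 192.168.1.1
 15 permit ip host 192.168.10.1 any
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2
crypto ipsec transform-set 1 esp-3des esp-md5-hmac
crypto map 1 1 ipsec-isakmp
 set peer 202.1.1.1
 set transform-set 1
 match address 100
interface Tunnel 1
 tunnel source 203.1.1.2
 tunnel destination 202.1.1.1
"""

# Algorithms and DH groups that are deprecated for new IKE/IPsec deployments.
WEAK = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac", "group 1", "group 2"}

def audit(config: str) -> list[str]:
    findings = []
    # 1. Weak IKE policy parameters (an omitted 'hash' leaves the device default in force).
    for m in re.finditer(r"^\s*(encryption|hash|group)\s+(\S+)", config, re.M):
        token = f"group {m.group(2)}" if m.group(1) == "group" else m.group(2)
        if token in WEAK:
            findings.append(f"weak IKE {m.group(1)}: {m.group(2)}")
    # 2. Weak ESP transforms in the transform-set.
    for m in re.finditer(r"^crypto ipsec transform-set \S+ (.*)$", config, re.M):
        findings += [f"weak transform: {a}" for a in m.group(1).split() if a in WEAK]
    # 3. GRE over IPsec: the crypto map's ACL must match the GRE packets themselves,
    #    i.e. tunnel source -> tunnel destination, not the inner LAN hosts.
    src = re.search(r"^\s*tunnel source (\S+)", config, re.M)
    dst = re.search(r"^\s*tunnel destination (\S+)", config, re.M)
    acl = re.search(r"^\s*match address (\S+)", config, re.M)
    if src and dst and acl:
        body = re.search(rf"^ip access-list extended {acl.group(1)}\n((?: .*\n)*)", config, re.M)
        want = f"permit ip host {src.group(1)} host {dst.group(1)}"
        if not body or want not in body.group(1):
            findings.append(f"ACL {acl.group(1)} does not match GRE endpoints {src.group(1)} -> {dst.group(1)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(R14_CONFIG)))
```

Run against the R12 excerpt instead, the ACL check passes and only the `hash md5` line is reported.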

3 Connectivity tests

3.1 Test from R11

R11#
R11#ping 192.168.10.1 source 192.168.1.1
Sending 5, 100-byte ICMP Echoes to 192.168.10.1, timeout is 2 seconds:
  < press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms.
R11#

3.2 Test from R15

R15#ping 192.168.1.1 source 192.168.10.1
Sending 5, 100-byte ICMP Echoes to 192.168.1.1, timeout is 2 seconds:
  < press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/11 ms.
R15#

4 Device status

4.1 R12: NAT and IPsec status

R12#show crypto isakmp sa
 destination      source           state        conn-id  lifetime(second)
 203.1.1.2        202.1.1.1        IKE_IDLE     1        86101

R12#show crypto ipsec sa
Crypto map tag:1
local ipv4 addr 202.1.1.1
media mtu 1500
==================================
sub_map type:static, seqno:1, id=1
local ident (addr/mask/prot/port): (202.1.1.1/0.0.0.0/0/0))
remote ident (addr/mask/prot/port): (203.1.1.2/0.0.0.0/0/0))
PERMIT
#pkts encaps: 2490, #pkts encrypt: 2490, #pkts digest 2490
#pkts decaps: 2490, #pkts decrypt: 2490, #pkts verify 2490
#send errors 0, #recv errors 0
pkts encaps errors:
 #negoitate pkt drop: 0, #sab useless: 0, encap data fail: 0, compute hash fail: 0
pkts decypto errors:
 #check reply wind fail: 0, #compute hash fail: 0, verify hash fail: 0
#pkts detect send req: 0, recv reply: 0, recv req: 0, send reply: 0
Inbound esp sas:
 spi:0x7046a103 (1883676931)
 transform: esp-3des esp-md5-hmac
 in use settings={Tunnel Encaps,}
 crypto map 1 1
 sa timing: remaining key lifetime (k/sec): (4605988/3301)
 IV size: 0 bytes
 Replay detection support:Y
Outbound esp sas:
 spi:0xed941edf (3985907423)
 transform: esp-3des esp-md5-hmac
 in use settings={Tunnel Encaps,}
 crypto map 1 1
 sa timing: remaining key lifetime (k/sec): (4605988/3301)
 IV size: 0 bytes
 Replay detection support:Y

R12#show crypto isakmp policy
Protection suite of priority 1
 encryption algorithm: Three key triple DES.
 hash algorithm: Message Digest 5
 authentication method: Pre-Shared Key
 Diffie-Hellman group: #2 (1024 bit)
 lifetime: 86400 seconds
Default protection suite
 encryption algorithm: DES - Data Encryption Standard (56 bit keys).
 hash algorithm: Secure Hash Standard
 authentication method: Pre-Shared Key
 Diffie-Hellman group: #1 (768 bit)
 lifetime: 86400 seconds
R12#

4.2 R14: NAT and IPsec status

R14#show crypto isakmp sa
 destination      source           state        conn-id  lifetime(second)
 202.1.1.1        203.1.1.2        IKE_IDLE     1        86019

R14#show crypto ipsec sa
Crypto map tag:1
local ipv4 addr 203.1.1.2
media mtu 1500
==================================
sub_map type:static, seqno:1, id=1
local ident (addr/mask/prot/port): (203.1.1.2/0.0.0.0/0/0))
remote ident (addr/mask/prot/port): (202.1.1.1/0.0.0.0/0/0))
PERMIT
#pkts encaps: 3239, #pkts encrypt: 3239, #pkts digest 3239
#pkts decaps: 3239, #pkts decrypt: 3239, #pkts verify 3239
#send errors 0, #recv errors 0
pkts encaps errors:
 #negoitate pkt drop: 0, #sab useless: 0, encap data fail: 0, compute hash fail: 0
pkts decypto errors:
 #check reply wind fail: 0, #compute hash fail: 0, verify hash fail: 0
#pkts detect send req: 0, recv reply: 0, recv req: 0, send reply: 0
Inbound esp sas:
 spi:0xed941edf (3985907423)
 transform: esp-3des esp-md5-hmac
 in use settings={Tunnel Encaps,}
 crypto map 1 1
 sa timing: remaining key lifetime (k/sec): (4606684/3220)
 IV size: 0 bytes
 Replay detection support:Y
Outbound esp sas:
 spi:0x7046a103 (1883676931)
 transform: esp-3des esp-md5-hmac
 in use settings={Tunnel Encaps,}
 crypto map 1 1
 sa timing: remaining key lifetime (k/sec): (4606684/3220)
 IV size: 0 bytes
 Replay detection support:Y

R14#show crypto isakmp policy
Protection suite of priority 1
 encryption algorithm: Three key triple DES.
 hash algorithm: Secure Hash Standard
 authentication method: Pre-Shared Key
 Diffie-Hellman group: #2 (1024 bit)
 lifetime: 86400 seconds
Default protection suite
 encryption algorithm: DES - Data Encryption Standard (56 bit keys).
 hash algorithm: Secure Hash Standard
 authentication method: Pre-Shared Key
 Diffie-Hellman group: #1 (768 bit)
 lifetime: 86400 seconds
R14#
