B_PE:
B_PE(config)#router eigrp 100                ! Run the EIGRP protocol
B_PE(config-router)#no auto-summary          ! Disable automatic summarization
B_PE(config-router)#network
B_PE(config-router)#network

BZ_PE:
BZ_PE(config)#router eigrp 100
BZ_PE(config-router)#no auto-summary
BZ_PE(config-router)#network
BZ_PE(config-router)#network

Step 5: Configure the global BGP parameters. MP-BGP is used to advertise customer routes between PE routers across the MPLS VPN backbone.

B_PE(config)#int s0/1
B_PE(config-if)#ip vrf forwarding CE1PE1     ! Associate the VRF with the interface
B_PE(config)#int s0/0
B_PE(config-if)#ip add

BZ_PE(config)#int s0/2
BZ_PE(config-if)#ip vrf forwarding CE2PE2
BZ_PE(config)#int s0/1
BZ_PE(config-if)#ip add

After the VRF has been configured, check the B_PE routing table again.

Step 1: Configure the loopback interface used as the LDP router ID.

Figure 6-25: Label assignment for routes

Use the traceroute command to view the label exchange between B_PE and its neighbors.

C(config)#crypto isakmp policy 1
C(config-isakmp)#authentication pre-share
C(config-isakmp)#encryption 3des
C(config-isakmp)#hash md5
C(config-isakmp)#group 2
C(config-isakmp)#exit

CZ(config)#crypto isakmp policy 1            ! Set the policy priority
CZ(config-isakmp)#authentication pre-share   ! Authenticate with a pre-shared key
CZ(config-isakmp)#encryption 3des            ! Encryption is Triple DES
CZ(config-isakmp)#hash md5                   ! Hash is MD5
CZ(config-isakmp)#group 2                    ! Use Diffie-Hellman group 2
CZ(config-isakmp)#exit                       ! Exit this mode

Figure 6-29 shows the ISAKMP policy information.

Step 3: Configure the IPSec transform set. The transform set specifies the encryption parameters used by the IPSec SAs negotiated during IKE Phase 2.

As can be seen, the data was transmitted successfully and the expected result was achieved: the VPN tunnel between C and the C subsidiary was established successfully.

Because of some of the company's business needs, internal hosts must be able to access the external network, so we configure NAT for the internal hosts. After NAT is configured, however, the previously working VPN stops passing traffic. This is because:

A: Processing order for packets entering the router: ACL -> VPN decryption -> NAT -> policy routing -> standard routing
B: Processing order for packets leaving the router: NAT -> VPN encryption -> ACL -> policy routing -> standard routing

Therefore, when configuring NAT, the traffic defined for the VPN must be denied. Otherwise the traffic goes through NAT first, and after overload the VPN will not work:

C(config)#access-list 100 deny ip

First, when I initially began the design, my command of the simulation tool Xiaofan (小凡) was not yet adequate, and I took quite a few detours.

The friendship of my classmates I will never forget!

The Application of the VPN Technology in the Enterprise Network
Concord University College, Fujian Normal University
Department of Information Technology, Electronic Information Engineering
124132008057 Huang Lin    Tutor: Zhang Meiqiong

[Abstract] By using public links to build a private network, a VPN sets up a data transmission tunnel with the help of encryption technology. In this way it fulfills the purpose of remotely accessing the central network without setting up any separate line, and it also enables enterprises to massively cut down their expenditures. With VPN technology, remote users can conveniently access the corresponding network resources as long as they have Internet access. To prevent any disclosure of private information and to guarantee the security and stability of the data, everything transmitted between the VPN server and the client is encrypted. Because of these advantages, VPN has been widely used in many enterprises.

as well as, in the laboratory prototype, built a multicast environment for some research and verification of multicast technology applications. The tests in the simulator and on the laboratory prototype basically achieve the design goal. However, there are still many campus network and multicast design technologies that this design has not incorporated; if these techniques were applied, the campus network and the multicast technology would be more complete.
Through the study of this topic, the expected requirements have basically been met. Of course, this work is only some simple research on campus network design and multicast applications; compared with real campus network construction, its functionality is not enough. However, this research gives us a certain understanding of campus network construction, which will play a certain role later when establishing campus networks in practice.

Of course, this work is only some simple research on VPN network design applications; relative to an actual enterprise VPN deployment, its functionality is far from enough. But this research gives us an understanding of how an enterprise VPN is set up, which will play a role in setting up VPNs in practice in the future.

IPSec VPN.

Furthermore, I should also acquire more knowledge of network security and keep improving my abilities.

Figure 6-30: Testing connectivity with the external network

Router C simulates the internal network of company C's headquarters to test whether the external network can be accessed normally. As can be seen, the expected result is achieved.

C(config)#crypto ipsec transform-set set10 esp-3des esp-sha-hmac     ! Define the transform set
C(cfg-crypto-trans)#mode tunnel                                      ! Mode is tunnel
CZ(config)#crypto ipsec transform-set set10 esp-3des esp-sha-hmac    ! Define the transform set
CZ(cfg-crypto-trans)#mode tunnel                                     ! Mode is tunnel

Step 4: Configure the crypto access list. The crypto access list specifies the traffic that will be protected by the IPSec transforms in the transform set.

The test between BZ and B simulates a test between the B subsidiary and the B company headquarters:

Figure 6-27: Connectivity test

The test result is as shown above; the expected result is achieved.

P(config)#ip cef                             ! Run MPLS in global mode

Step 3: Configure MPLS on the core interfaces.

Figure 6-21 shows the routing information for routes directly connected to B.

Step 9: Configure the PE-CE routing protocol and redistribute the customer routes into MP-BGP. The PE-CE routing protocol configuration uses RIP version 2, and most of the configuration is done under the IPv4 address family.

B_PE(config)#router bgp 100                  ! Run the BGP protocol
B_PE(config-router)#no auto-summary          ! Disable automatic summarization
B_PE(config-router)#