H3C设备GRE-over-IPSec-VPN

1.配置GRE，封装私网之间流量2.配置路由OSPF，学习私网路由3.配置NAT，使私网用户可以访问公网资源4.配置IPSec，加密GRE封装的流量RTA配置[RTA]discu#ikepeerrtbpre-shared-keysimpleaabbccremote-address2.2.2.2\\指定对端Site公网IP#ipsecproposalproespauthentication-algorithmsha1espencryption-algorithmaes128#ipsecpolicymap10isakmpsecurityacl3001ike-peerrtbproposalpro#aclnumber3000rule20permitipsource192.168.1.00.0.0.255\\定义需要NAT的流量aclnumber3001rule10permitipsource1.1.1.20destination2.2.2.20\\定义感兴趣流量，site-to-site公网IP#interfaceEthernet0/1/1portlink-moderoutenatoutbound3000\\EasyNATipaddress1.1.1.2255.255.255.0ipsecpolicymap#interfaceTunnel0\\配置GREtunnel-protocolgreipaddress10.1.1.1255.255.255.0source1.1.1.2destination2.2.2.2#ospf1\\运行OSPF，学习GRE及私网路由area0.0.0.0network10.1.1.00.0.0.255network192.168.1.00.0.0.255#iproute-static0.0.0.00.0.0.01.1.1.1#RTB配置[RTB]discu#ikepeerrtapre-shared-keysimpleaabbccremote-address1.1.1.2#ipsecproposalproespauthentication-algorithmsha1espencryption-algorithmaes128#ipsecpolicymap10isakmpsecurityacl3001ike-peerrtaproposalpro#aclnumber3000rule20permitipsource192.168.2.00.0.0.255aclnumber3001rule10permitipsource2.2.2.20destination1.1.1.20#interfaceEthernet0/1/0portlink-moderouteipaddress192.168.2.1255.255.255.0#interfaceEthernet0/1/1portlink-moderoutenatoutbound3000ipaddress2.2.2.2255.255.255.0ipsecpolicymap#interfaceTunnel0ipaddress10.1.1.2255.255.255.0source2.2.2.2destination1.1.1.2#ospf1area0.0.0.0network10.1.1.00.0.0.255network192.168.2.00.0.0.255#iproute-static0.0.0.00.0.0.02.2.2.1#