最终实现:
1、pc1能用nat上网ping能pc3
2、pc1能通过gre访问pc2
3、全部用静态路由做,没有用ospf,如果要用ospf,那么两边除了路由器上跑ospf,核心交换机也得用ospf
r2配置:
acl number 3000
rule 5 deny gre //把要gre的数据先拿掉不做nat
rule 10 permit ip
interface GigabitEthernet0/0/0
ip address 100.0.0.2 255.255.255.0
nat outbound 3000 //上外网nat
interface GigabitEthernet0/0/1
ip address 10.0.0.1 255.255.255.0
interface GigabitEthernet0/0/2
interface Tunnel0/0/0
ip address 100.100.0.1 255.255.255.0
tunnel-protocol gre
keepalive
source 100.0.0.2
destination 200.0.0.2
gre key 6666
gre checksum
ip route-static 0.0.0.0 0.0.0.0 100.0.0.1 //外网默认路由
ip route-static 172.16.0.0 255.255.255.0 Tunnel0/0/0 100.100.0.2 //不指定下一跳不通
ip route-static 192.168.0.0 255.255.255.0 10.0.0.2 //内网回程路由
R3配置:
interface GigabitEthernet0/0/0
ip address 200.0.0.2 255.255.255.0
interface GigabitEthernet0/0/1
ip address 3.3.3.1 255.255.255.0
interface GigabitEthernet0/0/2
interface NULL0
interface Tunnel0/0/0
ip address 100.100.0.2 255.255.255.0
tunnel-protocol gre
keepalive
source 200.0.0.2
destination 100.0.0.2
gre key 6666
gre checksum
ip route-static 0.0.0.0 0.0.0.0 200.0.0.1
ip route-static 172.16.0.0 255.255.255.0 3.3.3.3
ip route-static 192.168.0.0 255.255.255.0 Tunnel0/0/0 100.100.0.1