摘 要随着Internet的快速发展，在人们的日常生活中，人们时常会讨论到“因特网”这个词，现在人们对互联网已经不再像九十年代那样陌生，随着互联网的飞速发展，人们对网络的需求日渐提升，世界已经进入了——互联网时代。全球有成千上万家的企业，在这样一个全网互联的时代里面，所有公司都离不开网络的帮助，每个公司都会搭建自己的网络环境，各个企业的网络都各不相同，都有针对自己企业所运营的环境不同，网络解决方案也有所不同。随着网络技术的发展和公司规模的不断扩大,很多公司都会成立子公司。为了充分利用网络实现信息交流、协同工作,需要将公司总部与子公司的网络进行互连。而要实现总部与分部的私网互访，流量就必需从Internet走，而公司有需求，需要对流量进行加密，保证网络安全，避免其它非法人员盗取流量，对公司业务进行破坏。我们就要使用技术手段来实现公司的需求，满足客户的需要。GRE作为一种通用隧道协议,可以承载多种协议,支持多协议隧道。可以实现而在实际环境中,GRE结合IPsec VPN隧道技术的使用,可以由IPsec技术提供用户传输数据的加密和验证,从而为网络通信提供更好的安全性,因此有着广泛的应用。 部署IPSec VPN时,在不同封装模式中需使用不同协议下的数据封装格式,并且IPSec通过在不同场景中使用不同的封装模式提供差异化安全服务。在数据包封装格式基础上,详细分析场景中的封装模式选择并分析其原因,探讨IPSec封装模式在GRE隧道下的应用及报文格式，查看IPSec是如何对数据进行加密，并通过GRE隧道进行通信。 
目 录
第一章 绪 论 4
1.1设计目的 4
1.2环境及模拟器 4
1.3 DHCP简介 5
1.4 BGP简介 5
1.5 GRE简介 6
1.6 IPSec简介 6
第二章 网络设计分析 8
2.1网络拓扑绘制 8
2.2网络资源分配 8
第三章 综合实施 10
3.1 Internet区域配置实现 10
3.1.1 Int1配置 10
3.1.2 Int2配置 11
3.1.3 Int3配置 11
3.1.4 In *景先生毕设|www.jxszl.com +Q: *351916072* 
t4配置 12
3.2 GRE隧道配置实现 13
3.2.1 filiale1配置 13
3.2.2 filiale2配置 14
3.2.3 Center配置 14
3.3 IPSec配置实现 14
3.3.1filiale1配置 16
3.3.2filiale2配置 17
3.3.3 Center配置 17
第四章 测试 19
4.1 Internet测试 19
4.1.1查看OSPF邻居是否建立成功 19
4.2查看BGP关系是否正常 19
4.2.1 Int1路由器BGP邻居状态 19
4.2.2 Int2路由器BGP邻居状态 20
4.2.3 Int3路由器BGP邻居状态 20
4.2.4 Int4路由器BGP邻居状态 20
4.2.5 filiale1路由器BGP邻居状态 21
4.2.6 filiale2路由器BGP邻居状态 21
4.3 总公司—分公司互访测试 21
4.3.1 测试总公司与分公司1连通性 21
4.3.2 测试总公司与分公司2连通性 22
4.4 验证报文是否加密 22
致谢 25
参考文献 26
Abstract
With the rapid development of the Internet, people are no longer as familiar with the Internet as they were in the 1990s. With the rapid development of the Internet, peoples demand for the network is increasing, and the world has entered the Internet era.There are tens of thousands of enterprises in the world. In such an era of full network interconnection, all companies can not do without the help of the network. Each company will build its own network environment. Each enterprises network is different. Each enterprise has different environment for its own business operation, and network solutions are also different.With the development of network technology and the expansion of company scale, many companies will set up subsidiaries. In order to make full use of the network to achieve information exchange and collaborative work, it is necessary to interconnect the network of company headquarters and subsidiaries.However, in order to realize the exchange of private network visits between headquarters and branches, traffic must go through the Internet, and the company needs to encrypt traffic to ensure network security and avoid other illegal personnel stealing traffic and damaging the companys business. We will use technical means to meet the companys needs and meet the needs of customers.
GRE, as a general tunneling protocol, can carry multiple protocols and support multiprotocol tunneling. It can be realized. In the actual environment, GRE combined with the use of IPsec VPN tunnel technology can provide encryption and authentication of user transmission data by IPsec technology, thus providing better security for network communication, so it has a wide range of applications. When deploying IPSec VPN, data encapsulation formats under different protocols need to be used in different encapsulation modes, and IPSec provides differentiated security services by using different encapsulation modes in different scenarios. On the basis of packet encapsulation format, this paper analyzes in detail the selection of encapsulation mode in the scene and its causes, discusses the application of IPSec encapsulation mode under GRE tunnel and message format, and looks at how IPSec encrypts data and communicates through GRE tunnel.  

原文链接：http://www.jxszl.com/dzxx/dzkxyjs/558398.html