1.配置ip（如图所示 ）

2.配置缺省实现联通

[r1]ip route-static 0.0.0.0 0 12.1.1.2[r3]ip route-static 0.0.0.0 0 23.1.1.2[r4]ip route-static 0.0.0.0 0 34.1.1.2 

3.配置tunnel实现私网访问私网

r1

[r1]int tunnel 0/0/0 --进入接口
[r1-Tunnel0/0/0]ip ad 192.168.4.1  24 --配置ip
[r1-Tunnel0/0/0]tunnel-protocol gre p2mp -- 定义该隧道为多点gre隧道
[r1-Tunnel0/0/0]source 12.1.1.1 -- 该隧道加封转的报头源ip地址
[r1-Tunnel0/0/0]nhrp entry multicast dynamic ---通过nhrp协议来获取封装的目标IP地址 成为nhrp服务端
[r1-Tunnel0/0/0]nhrp network-id 100 ---nhrp的工作编号，该网段所有的设备必须在同一id

r3

[r3]int Tunnel 0/0/0
[r3-Tunnel0/0/0]ip add 192.168.4.2 24
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r3-Tunnel0/0/0]source 23.1.1.1 
[r3-Tunnel0/0/0]source g0/0/0  加封装的源ip地址，为本地的隧道实际通过接口的ip地址，填写接口编号，而不是接口ip，原因在于该接口ip地址可变
[r3-Tunnel0/0/0]nhrp entry 192.168.4.1 12.1.1.1 register ---加封装的目标ip地址，需要到NHRP中心站点获取
[r3-Tunnel0/0/0]nhrp network-id 100

 r4

[r4]int Tunnel 0/0/0
[r4-Tunnel0/0/0]ip add 192.168.4.3 24
[r4-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r4-Tunnel0/0/0]source 34.1.1.1 
[r4-Tunnel0/0/0]source g0/0/0  
[r4-Tunnel0/0/0]nhrp entry 192.168.4.1 12.1.1.1 register 
[r4-Tunnel0/0/0]nhrp network-id 100 

r1 ping r3，r4 

 

4.配置nat实现私网访问公网

[r1]acl 2000
[r1-acl-basic-2000]rule permit source 12.1.1.1 0.0.0.0
[r1-acl-basic-2000]rule permit source 192.168.1.1 0.0.0.0 
[r1-acl-basic-2000]int g 0/0/1
[r1-GigabitEthernet0/0/1]nat outbound 2000
[r1-GigabitEthernet0/0/1]ping 4.4.4.4PING 4.4.4.4: 56  data bytes, press CTRL_C to breakReply from 4.4.4.4: bytes=56 Sequence=1 ttl=255 time=20 ms