AR1
<R1>dis cu
#
sysname R1 //
#
undo info-center enable //
#
acl number 3000 //
rule 5 permit ip source 172.16.1.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 //
rule 10 deny ip //
#
ipsec proposal 183051 //
esp authentication-algorithm sha1 // ESP认证- SHA1算法
esp encryption-algorithm aes-128 //
#
ike peer 183051 v2 //ike对等体名称 + 版本 v2
pre-shared-key simple 183051 //
remote-address 200.1.1.2 //
#
ipsec policy 183051 1 isakmp //ipsec policy+安全策略名称+ IPSec策略的序号+isakmp
security acl 3000 //
ike-peer 183051 //
proposal 183051 //
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0 //
ip address 172.16.1.1 255.255.255.0 //
#
interface Ethernet0/0/1 //
ip address 100.1.1.1 255.255.255.0 //
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.2 //
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
AR2
<R2>dis cu
#
sysname R2 //
#
undo info-center enable //
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0 //
ip address 200.1.1.1 255.255.255.0 //
#
interface Ethernet0/0/1 //
ip address 100.1.1.2 255.255.255.0 //
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ip route-static 172.16.1.0 255.255.255.0 100.1.1.1 //
ip route-static 192.168.1.0 255.255.255.0 200.1.1.2 //
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
AR3
[R3]dis cu
#
sysname R3 //
#
undo info-center enable //
#
acl number 3000 //
rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 172.16.1.0 0.0.0.255 //
rule 10 deny ip //
#
ipsec proposal 183051R3 //
esp authentication-algorithm sha1 //
esp encryption-algorithm aes-128 //
#
ike peer 183051R3 v2 //
pre-shared-key simple 183051 //
local-address 200.1.1.2 //本端
remote-address 100.1.1.1 //对端
#
ipsec policy 183051R3 1 isakmp //
security acl 3000 //
ike-peer 183051R3 //
proposal 183051R3 //
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0 //
ip address 200.1.1.2 255.255.255.0 //
ipsec policy 183051R3 //
#
interface Ethernet0/0/1 //
ip address 192.168.1.1 255.255.255.0 //
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 200.1.1.1 //
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
散逸-博客-导航
共有 0 条评论