IPsec VPN IKE Configuration


AR1

<R1>dis cu
#
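sysname R1                                // device name
#
undo info-center enable                   // turn off information-center (log/alarm) output
#
acl number 3000                           // advanced ACL that selects the traffic to protect
 rule 5 permit ip source 172.16.1.0 0.0.0.255 destination 192.168.1.0 0.0.0.255         // protected flow: R1 LAN to R3 LAN
 rule 10 deny ip                          // everything else is not protected by IPsec
#
ipsec proposal 183051                     // IPsec proposal name
 esp authentication-algorithm sha1       // ESP authentication: SHA1 algorithm
 esp encryption-algorithm aes-128           // ESP encryption: AES-128
#
ike peer 183051 v2                       // IKE peer name + version v2
 pre-shared-key simple 183051            // pre-shared key; "simple" stores it in plaintext in the configuration
 remote-address 200.1.1.2             // remote end (R3 Ethernet0/0/0)
#
ipsec policy 183051 1 isakmp      // ipsec policy + security policy name + IPsec policy sequence number + isakmp
 security acl 3000               // protect the traffic matched by ACL 3000
 ike-peer 183051                // reference IKE peer 183051
 proposal 183051                  // reference IPsec proposal 183051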
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
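interface Ethernet0/0/0                                          // LAN-side interface
 ip address 172.16.1.1 255.255.255.0                 // gateway of the protected subnet 172.16.1.0/24
#
interface Ethernet0/0/1                               // WAN-side interface toward R2
 ip address 100.1.1.1 255.255.255.0                 // address R3 uses as remote-address; no ipsec policy is bound under this interface in this output (R3 binds its policy on Ethernet0/0/0)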
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.2                                  // default route via R2
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

AR2

<R2>dis cu
#
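sysname R2                               // device name; R2 is the transit router and carries no IPsec configuration
#
undo info-center enable                               // turn off information-center (log/alarm) output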
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
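interface Ethernet0/0/0                               // link toward R3
 ip address 200.1.1.1 255.255.255.0                               // next hop used by R3's default route
#
interface Ethernet0/0/1                               // link toward R1
 ip address 100.1.1.2 255.255.255.0                               // next hop used by R1's default route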
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ip route-static 172.16.1.0 255.255.255.0 100.1.1.1                               // R1 LAN via R1
ip route-static 192.168.1.0 255.255.255.0 200.1.1.2                               // R3 LAN via R3
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return

AR3

[R3]dis cu
#
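sysname R3                               // device name
#
undo info-center enable                               // turn off information-center (log/alarm) output
#
acl number 3000                               // advanced ACL that selects the traffic to protect
 rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 172.16.1.0 0.0.0.255                               // protected flow: R3 LAN to R1 LAN (mirror of R1's rule 5)
 rule 10 deny ip                               // everything else is not protected by IPsec
#
ipsec proposal 183051R3                               // IPsec proposal name
 esp authentication-algorithm sha1                               // ESP authentication: SHA1 algorithm (same as R1)
 esp encryption-algorithm aes-128                               // ESP encryption: AES-128 (same as R1)
#
ike peer 183051R3 v2                               // IKE peer name + version v2
 pre-shared-key simple 183051                               // pre-shared key, same value as on R1; "simple" stores it in plaintext
 local-address 200.1.1.2                  // local end
 remote-address 100.1.1.1                 // remote end
#
ipsec policy 183051R3 1 isakmp                               // ipsec policy + security policy name + IPsec policy sequence number + isakmp
 security acl 3000                               // protect the traffic matched by ACL 3000
 ike-peer 183051R3                               // reference IKE peer 183051R3
 proposal 183051R3                               // reference IPsec proposal 183051R3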
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
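interface Ethernet0/0/0                               // WAN-side interface toward R2
 ip address 200.1.1.2 255.255.255.0                               // address R1 uses as remote-address
 ipsec policy 183051R3                               // bind the IPsec policy to this interface
#
interface Ethernet0/0/1                               // LAN-side interface
 ip address 192.168.1.1 255.255.255.0                               // gateway of the protected subnet 192.168.1.0/24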
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 200.1.1.1                               // default route via R2
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
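
A consistency check for the two tunnel endpoints, added here as an example (it is not part of the original post): it parses trimmed excerpts of the R1 and R3 outputs above and reports what must agree before the tunnel can protect traffic, namely mirrored ACLs, identical ESP algorithms and pre-shared key, remote addresses that point at the peer, and a policy actually bound to an interface. The function names `summarize` and `check_pair` are this example's own.

```python
import re
# Excerpts trimmed from the R1 and R3 outputs on this page (annotations removed).
R1 = """
 rule 5 permit ip source 172.16.1.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
ipsec proposal 183051
 esp authentication-algorithm sha1
 esp encryption-algorithm aes-128
ike peer 183051 v2
 pre-shared-key simple 183051
 remote-address 200.1.1.2
ipsec policy 183051 1 isakmp
interface Ethernet0/0/1
 ip address 100.1.1.1 255.255.255.0
"""
R3 = """
 rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 172.16.1.0 0.0.0.255
ipsec proposal 183051R3
 esp authentication-algorithm sha1
 esp encryption-algorithm aes-128
ike peer 183051R3 v2
 pre-shared-key simple 183051
 remote-address 100.1.1.1
ipsec policy 183051R3 1 isakmp
interface Ethernet0/0/0
 ip address 200.1.1.2 255.255.255.0
 ipsec policy 183051R3
"""

def summarize(cfg):
    one = lambda pat: (re.search(pat, cfg, re.M) or [None, None])[1]
    return {
        "acl": re.search(r"source (\S+ \S+) destination (\S+ \S+)", cfg).groups(),
        "esp": re.findall(r"^ esp \S+-algorithm (\S+)", cfg, re.M),
        "psk": one(r"^ pre-shared-key \S+ (\S+)"),
        "remote": one(r"^ remote-address (\S+)"),
        "addrs": re.findall(r"^ ip address (\S+)", cfg, re.M),
        "bound": one(r"^ ipsec policy (\S+)$") is not None,  # indented = under an interface
    }

def check_pair(a, b):
    a, b = summarize(a), summarize(b)
    out = [f"{k} differs" for k in ("esp", "psk") if a[k] != b[k]]
    if a["acl"] != b["acl"][::-1]:
        out.append("ACLs are not mirror images")
    for name, x, y in (("A", a, b), ("B", b, a)):
        if x["remote"] not in y["addrs"]:
            out.append(f"{name}: remote-address is not a peer interface address")
        if not x["bound"]:
            out.append(f"{name}: ipsec policy not bound to an interface")
    return out
```

Calling `check_pair(R1, R3)` on these excerpts returns a single finding for endpoint A, because the R1 output shows no policy binding under its WAN interface.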
Copyright notice: posted by 散逸 on 2019-12-25 10:07:14.
When reposting, please credit: IPsec VPN IKE Configuration | 散逸