有关IPSec VPN的原理,这里就不展开了,我们直接上图上配置
华为:
#
ike proposal 1
encryption-algorithm aes-cbc-128
authentication-algorithm aes-xcbc-mac-96
#
ike peer 1 v2
pre-shared-key cipher 12345@huawei
ike-proposal 1
local-address 12.12.12.1
remote-address 23.23.23.3
#
ipsec proposal 1
esp authentication-algorithm sha1
esp encryption-algorithm aes-128
#
acl number 3000
rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
#
ipsec policy 1 1 isakmp
security acl 3000
ike-peer 1
proposal 1
#
ip route-static 0.0.0.0 0.0.0.0 12.12.12.2
#
--------------------------------------------------------------------------------------------------------------------------
H3C:
#
ike proposal 1
encryption-algorithm aes-cbc-128
#
ike keychain 1
match local address 12.12.12.1
pre-shared-key address 23.23.23.3 255.255.255.0 key cipher $c$3$4UeEAf40bV9Vz/Ixl0Wkx2s0j1ZDIH4EY6vQAg==
#
ike profile 1
keychain 1
local-identity address 12.12.12.1
match remote identity address 23.23.23.3 255.255.255.0
proposal 1
#
ipsec transform-set 1
esp encryption-algorithm aes-cbc-128
esp authentication-algorithm aes-xcbc-mac
#
acl advanced 3000
rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
#
ipsec policy 1 1 isakmp
transform-set 1
security acl 3000
remote-address 23.23.23.3
ike-profile 1
二、不固定IP,主模式
----------------------------------------------------------
华为:
AR1:
ipsec proposal huawei
#
ike proposal 1
#
ike peer branch v1
pre-shared-key simple huawei
ike-proposal 1
local-address 12.12.12.1
#
ipsec policy-template branch 1
ike-peer branch
proposal huawei
#
ipsec policy-template branch 1
ike-peer branch
proposal huawei
#
ipsec policy branch_policy 1 isakmp template branch
#
interface GigabitEthernet0/0/1
ip address 12.12.12.1 255.255.255.0
ipsec policy branch_policy
#
推荐本站淘宝优惠价购买喜欢的宝贝:
本文链接:https://hqyman.cn/post/4718.html 非本站原创文章欢迎转载,原创文章需保留本站地址!
微信支付宝扫一扫,打赏作者吧~休息一下~~
官码2024000195号
萌ICP备20248119号
