H3C配置IPSEC ×××

发布时间:2019-08-21 07:49:47编辑:auto阅读(1796)

    H3C配置IPSEC ×××思路跟思科差不多,无非就是命令不一样的,下面就演示一下

    拓扑:

    121001321.png

    RT1背后有个1.1.1.1网段,RT3背后有个3.3.3.3网段,ISP没有这两条路由


    RT2:

    <RT2>system-view

    System View: return to User View with Ctrl+Z.

    [RT2]int g0/0/0

    [RT2-GigabitEthernet0/0/0]ip add 12.1.1.2 24

    [RT2-GigabitEthernet0/0/0]quit

    [RT2]int g0/0/1

    [RT2-GigabitEthernet0/0/1]ip add 23.1.1.2 24

    [RT2-GigabitEthernet0/0/1]quit


    RT1:

    acl number 3000
    rule 0 permit ip source 1.1.1.0 0.0.0.255 destination 3.3.3.0 0.0.0.255

    ike proposal 1
    encryption-algorithm 3des-cbc
    authentication-algorithm md5
    authentication-metod pre-share
    dh group2
    ike peer cisco
    id-type ip
    pre-shared-key simple cisco
    remote-address 23.1.1.3
    local-address 12.1.1.1
    #
    ipsec proposal cisco
    transform esp
    esp authentication-algorithm md5
    esp encryption-algorithm 3des
    ipsec policy cisco 10 isakmp
    security acl 3000
    ike-peer cisco
    proposal cisco

    int g0/0/0
    ipsec policy cisco


    ip route-static 0.0.0.0 0.0.0.0 12.1.1.2


    RT3:

    acl number 3000
    rule 0 permit ip source 3.3.3.0 0.0.0.255 destination 1.1.1.0 0.0.0.255

    ike proposal 1
    encryption-algorithm 3des-cbc
    authentication-algorithm md5
    authentication-metod pre-share
    dh group2
    ike peer cisco
    id-type ip
    pre-shared-key simple cisco
    remote-address 12.1.1.1
    local-address 23.1.1.3
    #
    ipsec proposal cisco
    transform esp
    esp authentication-algorithm md5
    esp encryption-algorithm 3des
    ipsec policy cisco 10 isakmp
    security acl 3000
    ike-peer cisco
    proposal cisco

    int g0/0/1
    ipsec policy cisco


    ip route-static 0.0.0.0 0.0.0.0 23.1.1.2


    效果:

    123018194.png




关键字

上一篇: python学习系列--python内置

下一篇: ×××3