使用IPSec虚拟隧道接口建立IPSec安全隧道-白红宇

使用IPSec虚拟隧道接口建立IPSec安全隧道

阅读量：6936 次

发布时间：2019-06-27

本文共 2460 字，大约阅读时间需要 8 分钟。

实验TOP：

RT1的配置：

==================================

<H3C>sy

[H3C]int g0/1/0

[H3C-GigabitEthernet0/1/0]ip add 192.168.1.2 255.255.255.0

[H3C-GigabitEthernet0/1/0]un shut

[H3C-GigabitEthernet0/1/0]quit

[H3C]int g0/1/1

[H3C-GigabitEthernet0/1/1]ip add 192.168.2.1 255.255.255.0

[H3C-GigabitEthernet0/1/1]un shut

[H3C-GigabitEthernet0/1/1]quit

[H3C]ike local-name rt1

[H3C]ip route-static 0.0.0.0 0.0.0.0 192.168.2.2

[H3C]ike peer peer1

[H3C-ike-peer-peer1]pre-shared-key simple abcde

[H3C-ike-peer-peer1]id-type name

[H3C-ike-peer-peer1]remote-name rt2

[H3C-ike-peer-peer1]quit

[H3C]ipsec proposal kalng

[H3C-ipsec-proposal-kalng]encapsulation-mode tunnel

[H3C-ipsec-proposal-kalng]transform esp

[H3C-ipsec-proposal-kalng]esp encryption-algorithm des

[H3C-ipsec-proposal-kalng]esp authentication-algorithm md5

[H3C-ipsec-proposal-kalng]quit

[H3C]ipsec profile abc （安全框架）

[H3C-ipsec-profile-abc]ike-peer peer1

[H3C-ipsec-profile-abc]proposal kalng

[H3C-ipsec-profile-abc]quit

[H3C]int Tunnel 1 （虚拟接口）

[H3C-Tunnel1]ip address 172.16.1.1 255.255.255.0

[H3C-Tunnel1]tunnel-protocol ipsec ipv4

[H3C-Tunnel1]source g0/1/1

[H3C-Tunnel1]destination 192.168.3.2

[H3C-Tunnel1]ipsec profile abc

[H3C-ipsec-profile-abc]quit

[H3C]

RT2配置：

=====================================================

<H3C>sy

[H3C]int g0/1/0

[H3C-GigabitEthernet0/1/0]ip add 192.168.3.2 255.255.255.0

[H3C-GigabitEthernet0/1/0]un shu

[H3C-GigabitEthernet0/1/0]quit

[H3C]int g0/1/1

[H3C-GigabitEthernet0/1/1]ip add 192.168.4.1 255.255.255.0

[H3C-GigabitEthernet0/1/1]un shu

[H3C-GigabitEthernet0/1/1]quit

[H3C]ike local-name rt2

[H3C]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1

[H3C]ike peer peer2

[H3C-ike-peer-peer2]pre-shared-key simple abcde

[H3C-ike-peer-peer2]id-type name

[H3C-ike-peer-peer2]remote-name rt1

[H3C-ike-peer-peer2]quit

[H3C]ipsec proposal kalng

[H3C-ipsec-proposal-kalng]encapsulation-mode tunnel

[H3C-ipsec-proposal-kalng]transform esp

[H3C-ipsec-proposal-kalng]esp encryption-algorithm des

[H3C-ipsec-proposal-kalng]esp authentication-algorithm md5

[H3C-ipsec-proposal-kalng]quit

[H3C]ipsec profile abc

[H3C-ipsec-profile-abc]ike-peer peer2

[H3C-ipsec-profile-abc]proposal kalng

[H3C-ipsec-profile-abc]quit

[H3C]int Tunnel 1

[H3C-Tunnel1]ip address 172.16.1.2 255.255.255.0

[H3C-Tunnel1]tunnel-protocol ipsec ipv4

[H3C-Tunnel1]source g0/1/0

[H3C-Tunnel1]destination 192.168.2.1

[H3C-Tunnel1]ipsec profile abc

[H3C-ipsec-profile-abc]quit

[H3C]

转载于:https://blog.51cto.com/kalng/826630

你可能感兴趣的文章