ROS IPsec L2L VPN setup:
Test environment:
Side-One
PC-ONE:
IP address: 192.168.214.10
Netmask: 255.255.255.0
Gateway: 192.168.214.20
Router-One:
Ether1: 10.10.0.1
Ether2: 192.168.214.20
Side-Two
PC-TWO:
IP address: 172.16.100.10
Netmask: 255.255.255.0
Gateway: 172.16.100.20
Router-Two:
Ether1: 10.20.0.1
Ether2: 172.16.100.20
Environment setup:
Router-One:
ip ipsec peer add address=10.20.0.1 secret=123
ip ipsec policy add src-address=192.168.214.0/24 dst-address=172.16.100.0/24 sa-src-address=10.10.0.1 sa-dst-address=10.20.0.1 tunnel=yes
ip firewall nat add action=accept chain=srcnat disabled=no dst-address=172.16.100.0/24 src-address=192.168.214.0/24
Router-Two:
ip ipsec peer add address=10.10.0.1 secret=123
ip ipsec policy add src-address=172.16.100.0/24 dst-address=192.168.214.0/24 sa-src-address=10.20.0.1 sa-dst-address=10.10.0.1 tunnel=yes
ip firewall nat add action=accept chain=srcnat disabled=no dst-address=192.168.214.0/24 src-address=172.16.100.0/24
The encryption algorithm, hash and other such settings must be identical on both routers.
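The tunnel only comes up when each router's commands mirror the other's and the peer settings match. As an added example (not part of the original post), this Python check parses the two command sets shown above and reports mismatches; the function names and the `MIN_SECRET_LEN` threshold are assumptions of this example.

```python
import shlex

# The two routers' commands from the setup above, embedded as sample input.
ROUTER_ONE = """\
ip ipsec peer add address=10.20.0.1 secret=123
ip ipsec policy add src-address=192.168.214.0/24 dst-address=172.16.100.0/24 sa-src-address=10.10.0.1 sa-dst-address=10.20.0.1 tunnel=yes
ip firewall nat add action=accept chain=srcnat disabled=no dst-address=172.16.100.0/24 src-address=192.168.214.0/24
"""
ROUTER_TWO = """\
ip ipsec peer add address=10.10.0.1 secret=123
ip ipsec policy add src-address=172.16.100.0/24 dst-address=192.168.214.0/24 sa-src-address=10.20.0.1 sa-dst-address=10.10.0.1 tunnel=yes
ip firewall nat add action=accept chain=srcnat disabled=no dst-address=192.168.214.0/24 src-address=172.16.100.0/24
"""
MIN_SECRET_LEN = 20  # assumed local policy threshold, not a RouterOS limit


def parse(config):
    """Map each menu path (e.g. 'ip ipsec peer') to the key=value args of its add line."""
    menus = {}
    for line in config.splitlines():
        words = shlex.split(line)
        if "add" in words:
            i = words.index("add")
            path = " ".join(words[:i]).lstrip("/")
            menus[path] = dict(w.split("=", 1) for w in words[i + 1:] if "=" in w)
    return menus


def check_pair(config_a, config_b):
    """Return a list of findings; an empty list means the two ends are consistent."""
    a, b = parse(config_a), parse(config_b)
    pol_a, pol_b = a["ip ipsec policy"], b["ip ipsec policy"]
    findings = []
    for near, far in (("src-address", "dst-address"), ("sa-src-address", "sa-dst-address")):
        if pol_a[near] != pol_b[far] or pol_a[far] != pol_b[near]:
            findings.append(f"policy {near}/{far} not mirrored")
    # Everything on the peer except its address (secret, algorithms) must match.
    shared = lambda peer: {k: v for k, v in peer.items() if k != "address"}
    if shared(a["ip ipsec peer"]) != shared(b["ip ipsec peer"]):
        findings.append("peer settings differ between the two ends")
    for name, side, pol in (("one", a, pol_a), ("two", b, pol_b)):
        peer, nat = side["ip ipsec peer"], side["ip firewall nat"]
        if peer["address"] != pol["sa-dst-address"]:
            findings.append(f"router {name}: peer address is not the policy sa-dst-address")
        if (nat["src-address"], nat["dst-address"]) != (pol["src-address"], pol["dst-address"]):
            findings.append(f"router {name}: NAT accept rule does not match the policy subnets")
        if len(peer["secret"]) < MIN_SECRET_LEN:
            findings.append(f"router {name}: secret shorter than {MIN_SECRET_LEN} characters")
    return findings
```

Run against the configuration on this page, `check_pair(ROUTER_ONE, ROUTER_TWO)` reports only the short pre-shared secret on both routers.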
Test results:
Established successfully
Communication successful
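Summary: the test used ROS version 5.25. As of the date of writing, the version has reached 6.33; the new versions add many new features and are more powerful. With telecom service, you may need to contact the ISP to have VPN enabled before communication works normally.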