IPSec实验配置

原创

想什么就做 2021-07-30 22:08:04 ©著作权

文章标签 IPSec实验 文章分类 运维

©著作权归作者所有：来自51CTO博客作者想什么就做的原创作品，请联系作者获取转载授权，否则将追究法律责任

IPSec实验配置

AR5

<Huawei>sys [Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]ip ad 10.1.1.2 24 [Huawei-GigabitEthernet0/0/0]int e0/0/1 [Huawei-GigabitEthernet0/0/1]ip add 20.1.1.1 24
[Huawei-GigabitEthernet0/0/1]q [Huawei]ip route-static 192.168.1.0 24 10.1.1.1 [Huawei]ip route-static 192.168.2.0 24 20.1.1.2

AR4

<Huawei>sys [Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]ip ad 192.168.1.254 24 [Huawei-GigabitEthernet0/0/0]int g0/0/1 [Huawei-GigabitEthernet0/0/1]ip ad 10.1.1.1 24 [Huawei-GigabitEthernet0/0/1]q [Huawei]ip route-static 192.168.2.0 24 10.1.1.2 [Huawei]ip route-static 20.1.1.0 24 10.1.1.2 [Huawei]ipsec proposal ipsec [Huawei-ipsec-proposal-ipsec]q [Huawei]alc 3000 [Huawei-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255 [Huawei-acl-adv-3000]q [Huawei]ipsec policy huawei 10 manual #配置ipsec策略 [Huawei-ipsec-policy-manual-huawei-10]security acl 3000 #设置被保护的数据流 [Huawei-ipsec-policy-manual-huawei-10]proposal ipsec [Huawei-ipsec-policy-manual-huawei-10]sa spi inbound esp 12345 [Huawei-ipsec-policy-manual-huawei-10]sa spi outbound esp 54321 [Huawei-ipsec-policy-manual-huawei-10]sa string-key inbound esp cipher huawei [Huawei-ipsec-policy-manual-huawei-10]sa string-key outbound esp cipher huawei [Huawei-ipsec-policy-manual-huawei-10]tunnel local 10.1.1.1 [Huawei-ipsec-policy-manual-huawei-10]tunnel remote 20.1.1.2 [Huawei-ipsec-policy-manual-huawei-10]q [Huawei]int g0/0/1 [Huawei-GigabitEthernet0/0/1]ipsec policy huawei 10 [Huawei-GigabitEthernet0/0/1]q [Huawei]q <Huawei>save

AR6

<Huawei>sys [Huawei]int g0/0/1 [Huawei-GigabitEthernet0/0/1]ip ad 192.168.2.254 24 [Huawei-GigabitEthernet0/0/1]int g0/0/0 [Huawei-GigabitEthernet0/0/0]ip ad 20.1.1.2 24 [Huawei-GigabitEthernet0/0/0]q [Huawei]ip route-static 192.168.1.0 24 20.1.1.1 [Huawei]ip route-static 10.1.1.0 24 20.1.1.1 [Huawei]ipsec proposal ipsec [Huawei-ipsec-proposal-ipsec]q [Huawei]alc 3000 [Huawei-acl-adv-3000]rule permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 [Huawei-acl-adv-3000]q [Huawei]ipsec policy huawei 10 manual #配置ipsec策略 [Huawei-ipsec-policy-manual-huawei-10]security acl 3000 #设置被保护的数据流 [Huawei-ipsec-policy-manual-huawei-10]proposal ipsec [Huawei-ipsec-policy-manual-huawei-10]sa spi inbound esp 54321 [Huawei-ipsec-policy-manual-huawei-10]sa spi outbound esp 12345 [Huawei-ipsec-policy-manual-huawei-10]sa string-key inbound esp cipher huawei [Huawei-ipsec-policy-manual-huawei-10]sa string-key outbound esp cipher huawei [Huawei-ipsec-policy-manual-huawei-10]tunnel local 20.1.1.2 [Huawei-ipsec-policy-manual-huawei-10]tunnel remote 10.1.1.1 [Huawei-ipsec-policy-manual-huawei-10]q [Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]ipsec policy huawei 10 [Huawei-GigabitEthernet0/0/0]q [Huawei]q <Huawei>save