华为的IPsec ×××（野蛮模式）

精选转载

anzhilengye 2014-03-06 14:34:05 博主文章分类：Network

文章标签 华为路由交换 文章分类 网络安全

A端设备

# 配置名为tran1 的IPSec 提议。

[Eudemon A] ipsec proposal tran1

[Eudemon A-ipsec-proposal-tran1] transform esp

[Eudemon A-ipsec-proposal-tran1] encapsulation-mode tunnel

[Eudemon A-ipsec-proposal-tran1] esp authentication-algorithm md5

[Eudemon A-ipsec-proposal-tran1] esp encryption-algorithm des

[Eudemon A-ipsec-proposal-tran1] quit

# 创建IKE 提议10。

[Eudemon A] ike proposal 10

[Eudemon A-ike-proposal-10] authentication-method pre-share

[Eudemon A-ike-proposal-10] authentication-algorithm md5

[Eudemon A-ike-proposal-10] sa duration 5000

[Eudemon A-ike-proposal-10] quit

# 进入IKE Peer 视图。

[Eudemon A] ike local-name E100

[Eudemon A] ike peer a

# 引用IKE 安全提议。

[Eudemon A-ike-peer-a] ike-proposal 10

[Eudemon A-ike-peer-a] exchange-mode aggressive

[Eudemon A-ike-peer-a] local-id-type name

[Eudemon A-ike-peer-a] local-address 202.39.169.1

[Eudemon A-ike-peer-a] local-name E100

[Eudemon A-ike-peer-a] remote-name E200

[Eudemon A-ike-peer-a] pre-shared-key abcde

[Eudemon A-ike-peer-a] quit

# 创建安全策略。

[Eudemon A] ipsec policy map1 10 isakmp

[Eudemon A-ipsec-policy-isakmp-map1-10] ike-peer a

[Eudemon A-ipsec-policy-isakmp-map1-10] proposal tran1

[Eudemon A-ipsec-policy-isakmp-map1-10] security acl 3000

[Eudemon A-ipsec-policy-isakmp-map1-10] quit

# 进入以太网接口视图。

[Eudemon A] interface Ethernet 0/0/0

[Eudemon A-Ethernet0/0/0] ipsec policy map1

[Eudemon A-Ethernet0/0/0]quit

B端设备(ADSL拨号)

# 配置名为tran1 的IPSec 提议。

[Eudemon B] ipsec proposal tran1

[Eudemon B-ipsec-proposal-tran1] transform esp

[Eudemon B-ipsec-proposal-tran1] encapsulation-mode tunnel

[Eudemon B-ipsec-proposal-tran1] esp authentication-algorithm md5

[Eudemon B-ipsec-proposal-tran1] esp encryption-algorithm des

[Eudemon B-ipsec-proposal-tran1] quit

# 创建号码为10 的IKE 提议。

[Eudemon B] ike proposal 10

[Eudemon B-ike-proposal-10] authentication-method pre-share

[Eudemon B-ike-proposal-10] authentication-algorithm md5

[Eudemon B-ike-proposal-10] sa duration 5000

[Eudemon B-ike-proposal-10] quit

# 创建名为a 的IKE Peer。

[Eudemon B] ike local-name E200

[Eudemon B] ike peer a

[Eudemon B-ike-peer-a] ike-proposal 10

[Eudemon B-ike-peer-a] exchange-mode aggressive

[Eudemon B-ike-peer-a] local-id-type name

[Eudemon B-ike-peer-a] remote-address 0.0.0.0

[Eudemon B-ike-peer-a] remote-name E100

[Eudemon B-ike-peer-a] local-name E200

[Eudemon B-ike-peer-a] pre-shared-key abcde

[Eudemon B-ike-peer-a] quit

# 创建IPSec 策略。

[Eudemon B] ipsec policy map1 10 isakmp

[Eudemon B-ipsec-policy-isakmp-map1-10] ike-peer a

[Eudemon B-ipsec-policy-isakmp-map1-10] proposal tran1

[Eudemon B-ipsec-policy-isakmp-map1-10] security acl 3000

[Eudemon B-ipsec-policy-isakmp-map1-10] quit

# 进入以太网接口视图。

[Eudemon B] interface Ethernet 0/0/0

[Eudemon B-Ethernet0/0/0] ipsec policy map1

上一篇：华为的IPsec ×××主模式(MAIN mode)

下一篇：交换机IEEE 802.1Q、VLAN ID、QoS之间的关系

提问和评论都可以，用心的回复会被更多人看到评论

发布评论

相关文章

官方博客	全部文章	热门标签	班级博客
了解我们	网站地图	意见反馈

鸿蒙开发者社区	51CTO学堂
51CTO	软考资讯

华为的IPsec ×××（野蛮模式）

华为的IPsec ×××（野蛮模式）

51CTO博客