您现在的位置是:首页 > 运维网络杂文

华为如何建立IPSEC

阿龙2022-07-19【网络杂文】人已围观



1,建立静态路由表 R1和R3 ,都要做,图中我只展示R1 ,R3是反着来,还有IP地址这些我这里就不配了,比较简单,只重点讲配置IPSEC(提示:静态只要做一条缺省路由就可以了,下一跳指向公网网关)

2,配置R1   
acl number 3000  
 rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.1.0 0.0.0.255

ipsec proposal dome
 Encapsulation-mode tunnel-封装模式
 Esp authentication-algorithm ?-认证方法 
 Esp encryption-algorithm ?-加密算法


ipsec policy web 10 manual
 security acl 3000
 proposal dome
 tunnel local 100.1.1.1
 tunnel remote 120.1.1.1
 sa spi inbound esp 456123
 sa string-key inbound esp cipher haoren
 sa spi outbound esp 789456
 sa string-key outbound esp cipher haoren

interface GigabitEthernet0/0/1
ipsec policy web
3,配置R3  其实和R1是差不多的,有些是相反的.
acl number 3000  
 rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.10.0 0.0.0.255

ipsec proposal dome
 Encapsulation-mode tunnel-封装模式
 Esp authentication-algorithm ?-认证方法 
 Esp encryption-algorithm ?-加密算法


ipsec policy web 10 manual
 security acl 3000
 proposal dome
 tunnel local 120.1.1.1
 tunnel remote 100.1.1.1
 sa spi inbound esp 789456
 sa string-key inbound esp cipher haoren
 sa spi outbound esp 456123
 sa string-key outbound esp cipher haoren

interface GigabitEthernet0/0/0
ipsec policy web
最后测试

 

Tags:VPN   IPSEC

很赞哦! ()