H3C配置IPSEC ×××
H3C配置IPSEC ×××思路跟思科差不多,无非就是命令不一样的,下面就演示一下
拓扑:
RT1背后有个1.1.1.1网段,RT3背后有个3.3.3.3网段,ISP没有这两条路由
RT2:
<RT2>system-view
System View: return to User View with Ctrl+Z.
[RT2]int g0/0/0
[RT2-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[RT2-GigabitEthernet0/0/0]quit
[RT2]int g0/0/1
[RT2-GigabitEthernet0/0/1]ip add 23.1.1.2 24
[RT2-GigabitEthernet0/0/1]quit
RT1:
acl number 3000
rule 0 permit ip source 1.1.1.0 0.0.0.255 destination 3.3.3.0 0.0.0.255
ike proposal 1
encryption-algorithm 3des-cbc
authentication-algorithm md5
authentication-metod pre-share
dh group2
ike peer cisco
id-type ip
pre-shared-key simple cisco
remote-address 23.1.1.3
local-address 12.1.1.1
#
ipsec proposal cisco
transform esp
esp authentication-algorithm md5
esp encryption-algorithm 3des
ipsec policy cisco 10 isakmp
security acl 3000
ike-peer cisco
proposal cisco
int g0/0/0
ipsec policy cisco
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
RT3:
acl number 3000
rule 0 permit ip source 3.3.3.0 0.0.0.255 destination 1.1.1.0 0.0.0.255
ike proposal 1
encryption-algorithm 3des-cbc
authentication-algorithm md5
authentication-metod pre-share
dh group2
ike peer cisco
id-type ip
pre-shared-key simple cisco
remote-address 12.1.1.1
local-address 23.1.1.3
#
ipsec proposal cisco
transform esp
esp authentication-algorithm md5
esp encryption-algorithm 3des
ipsec policy cisco 10 isakmp
security acl 3000
ike-peer cisco
proposal cisco
int g0/0/1
ipsec policy cisco
ip route-static 0.0.0.0 0.0.0.0 23.1.1.2
效果:
