H3C通过IKE方式配置Ipsec vpn

/ 0评 / 1

前言

看着网上杂乱无章的华三ipsec配置教程,自己做题的时候却又很难找,就记录一下吧

拓扑结构

R1,R3俩设备,通过S2/0相连,R1的IP为:14.0.0.13/30,R2的IP为:14.0.0.14/30

R1配置

ike keychain H3C
match local address s2/0  // 匹配本地s2/0
pre-shared-key address x.x.x.x x.x.x.x key simple xxxxx  // 配置ip,子网,密码

ike proposal  10 
encryption-algorithm 3des-cbc  // 使用3des-cbc加密
authentication-method  pre-share  //  使用预共享密钥
authentication-algorithm  md5  // 使用md5验证
dh group2

ipsec transform-set H3C
protocol ah-esp  // 安全协议为ah-esp
ah authentication-algorithm md5  // ah加密为md5

ike profile H3C
keychain H3C
match remote identity address x.x.x.x x.x.x.x
proposal 10

ipsec policy fb 1 isakmp
transform-set H3C
security acl 3000
remote-address x.x.x.x
ike-profile H3Cf

ipsec policy fb 1 isakmp template H3C

R3配置

ike keychain H3C
match local address s2/0
pre-shared-key address x.x.x.x x.x.x.x simple xxxx

ike proposal  10 
encryption-algorithm 3des-cbc
authentication-method  pre-share 
authentication-algorithm  md5
dh group2

ipsec transform-set H3C
protocol ah-esp
ah authentication-algorithm md5

ike profile H3C
keychain H3C
match remote identity address x.x.x.x x.x.x.x
proposal 10

ipsec policy-template H3C 1  // 创建一个模板
transform-set H3C
security acl 3000
ike-profile H3C

ipsec policy zb 1 isakmp template H3C 

后记

欢迎大家指出问题之处,如有转载请注明出处
本文链接:https://www.bokro.cn/92.html