前言
看着网上杂乱无章的华三ipsec配置教程,自己做题的时候却又很难找,就记录一下吧
拓扑结构
R1,R3俩设备,通过S2/0相连,R1的IP为:14.0.0.13/30,R2的IP为:14.0.0.14/30
R1配置
ike keychain H3C match local address s2/0 // 匹配本地s2/0 pre-shared-key address x.x.x.x x.x.x.x key simple xxxxx // 配置ip,子网,密码 ike proposal 10 encryption-algorithm 3des-cbc // 使用3des-cbc加密 authentication-method pre-share // 使用预共享密钥 authentication-algorithm md5 // 使用md5验证 dh group2 ipsec transform-set H3C protocol ah-esp // 安全协议为ah-esp ah authentication-algorithm md5 // ah加密为md5 ike profile H3C keychain H3C match remote identity address x.x.x.x x.x.x.x proposal 10 ipsec policy fb 1 isakmp transform-set H3C security acl 3000 remote-address x.x.x.x ike-profile H3Cf ipsec policy fb 1 isakmp template H3C
R3配置
ike keychain H3C match local address s2/0 pre-shared-key address x.x.x.x x.x.x.x simple xxxx ike proposal 10 encryption-algorithm 3des-cbc authentication-method pre-share authentication-algorithm md5 dh group2 ipsec transform-set H3C protocol ah-esp ah authentication-algorithm md5 ike profile H3C keychain H3C match remote identity address x.x.x.x x.x.x.x proposal 10 ipsec policy-template H3C 1 // 创建一个模板 transform-set H3C security acl 3000 ike-profile H3C ipsec policy zb 1 isakmp template H3C
后记
欢迎大家指出问题之处,如有转载请注明出处
本文链接:https://www.bokro.cn/92.html