前言
看着网上杂乱无章的华三ipsec配置教程,自己做题的时候却又很难找,就记录一下吧
拓扑结构
R1,R3俩设备,通过S2/0相连,R1的IP为:14.0.0.13/30,R2的IP为:14.0.0.14/30
R1配置
ike keychain H3C
match local address s2/0 // 匹配本地s2/0
pre-shared-key address x.x.x.x x.x.x.x key simple xxxxx // 配置ip,子网,密码
ike proposal 10
encryption-algorithm 3des-cbc // 使用3des-cbc加密
authentication-method pre-share // 使用预共享密钥
authentication-algorithm md5 // 使用md5验证
dh group2
ipsec transform-set H3C
protocol ah-esp // 安全协议为ah-esp
ah authentication-algorithm md5 // ah加密为md5
ike profile H3C
keychain H3C
match remote identity address x.x.x.x x.x.x.x
proposal 10
ipsec policy fb 1 isakmp
transform-set H3C
security acl 3000
remote-address x.x.x.x
ike-profile H3Cf
ipsec policy fb 1 isakmp template H3CR3配置
ike keychain H3C
match local address s2/0
pre-shared-key address x.x.x.x x.x.x.x simple xxxx
ike proposal 10
encryption-algorithm 3des-cbc
authentication-method pre-share
authentication-algorithm md5
dh group2
ipsec transform-set H3C
protocol ah-esp
ah authentication-algorithm md5
ike profile H3C
keychain H3C
match remote identity address x.x.x.x x.x.x.x
proposal 10
ipsec policy-template H3C 1 // 创建一个模板
transform-set H3C
security acl 3000
ike-profile H3C
ipsec policy zb 1 isakmp template H3C 后记
欢迎大家指出问题之处,如有转载请注明出处
本文链接:https://www.bokro.cn/92.html