通信人家园

Title: IPSec tunnel VPN configuration

Time:  2025-7-29 16:58
Author: wenxixi     Title: IPSec tunnel VPN configuration

1. Configure the peer and remote
[RouterA] ike peer spub  #---Set the peer name to spub
[RouterA-ike-peer-spub] undo version 2   #---Disable support for IKEv2
[RouterA-ike-peer-spub] pre-shared-key simple huawei   #---Set the shared key for pre-shared-key authentication to huawei; the key must be identical on both ends
[RouterA-ike-peer-spub] remote-address 202.138.162.1 #---Set the peer IPSec endpoint IP address to 202.138.162.1
[RouterA-ike-peer-spub] quit
[RouterB] ike peer spua
[RouterB-ike-peer-spua] undo version 2
[RouterB-ike-peer-spua] pre-shared-key simple huawei
[RouterB-ike-peer-spua] remote-address 202.138.163.1
[RouterB-ike-peer-spua] quit


2. Create the security policy
[RouterA] ipsec policy client 10 isakmp   #---Create a security policy named client with sequence number 10
[RouterA-ipsec-policy-isakmp-client-10] ike-peer spub  #---Set the peer name to spub
[RouterA-ipsec-policy-isakmp-client-10] proposal pro1  #---Reference the previously created IPSec security proposal pro1
[RouterA-ipsec-policy-isakmp-client-10] security acl 3100  #---Reference the previously defined ACL 3100, which specifies the data flows to protect
[RouterA-ipsec-policy-isakmp-client-10] quit


[RouterB] ipsec policy server 10 isakmp
[RouterB-ipsec-policy-isakmp-server-10] ike-peer spua
[RouterB-ipsec-policy-isakmp-server-10] proposal pro1
[RouterB-ipsec-policy-isakmp-server-10] security acl 3100
[RouterB-ipsec-policy-isakmp-server-10] quit


3. Enable the security policy on the interface
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ipsec policy client
[RouterA-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ipsec policy server
[RouterB-GigabitEthernet1/0/0] quit
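
A small offline check over the three steps above, added here as an example and not part of the original post or any Huawei tool: it flags the plaintext `simple` key form, the `undo version 2` line that leaves only IKEv1, a policy that references an undefined peer or is never bound to an interface, and compares the key on both ends. The function names and the indented layout of the sample config are assumptions.

```python
import re
# Constructed input: RouterA's commands from the post, prompts stripped, sub-view lines indented.
ROUTER_A = """\
ike peer spub
 undo version 2
 pre-shared-key simple huawei
 remote-address 202.138.162.1
ipsec policy client 10 isakmp
 ike-peer spub
 proposal pro1
 security acl 3100
interface gigabitethernet 1/0/0
 ipsec policy client
"""
# RouterB in the post differs only in peer name, remote address and policy name.
ROUTER_B = (ROUTER_A.replace("spub", "spua").replace("162.1", "163.1")
            .replace("client", "server"))

def parse(cfg):
    """Group indented commands under the unindented view line above them."""
    views = []
    for line in filter(str.strip, cfg.splitlines()):
        if not line.startswith(" "):
            views.append((line.split(), []))
        elif views:
            views[-1][1].append(line.strip())
    return views

def audit(cfg):  # hypothetical checks for one router's config text
    views, out = parse(cfg), []
    peers = {h[2] for h, _ in views if h[:2] == ["ike", "peer"] and len(h) > 2}
    applied = {c.split()[2] for h, cmds in views if h[0] == "interface"
               for c in cmds if c.startswith("ipsec policy ")}
    for h, cmds in views:
        name = h[2] if len(h) > 2 else "?"
        if h[:2] == ["ike", "peer"]:
            if any(c.startswith("pre-shared-key simple ") for c in cmds):
                out.append(f"peer {name}: pre-shared key entered as plaintext (simple)")
            if "undo version 2" in cmds:
                out.append(f"peer {name}: IKEv2 disabled, only IKEv1 is left")
        elif h[:2] == ["ipsec", "policy"]:
            out += [f"policy {name}: ike-peer {c.split()[1]} is not defined"
                    for c in cmds if c.startswith("ike-peer ") and c.split()[1] not in peers]
            if name not in applied:
                out.append(f"policy {name}: not applied to any interface")
    return out

def psk_match(a, b):  # the post requires the same key on both ends
    keys = [re.findall(r"pre-shared-key \S+ (\S+)", c) for c in (a, b)]
    return bool(keys[0]) and keys[0] == keys[1]
```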

Time:  2025-7-29 19:51
Author: 不吹不黑

Very detailed!



