查看: 492|回复: 1

[高速以太网] ip-sec隧道VPN配置 [复制链接]

wenxixi

军衔等级：

新兵

注册：2025-3-7

电梯直达

1^# 大中小

发表于 2025-7-29 16:58:23 |只看该作者 |倒序浏览

1、配置对等体和remote
[RouterA]ike peer spub  #---配置对等体名称为spub[RouterA-ike-peer-spub]undo version 2 #---取消对IKEv2版本的支持[RouterA-ike-peer-spub] pre-shared-key simple huawei #---配置预共享密钥认证方法的共享密钥为huawei，两端的密钥必须一致[RouterA-ike-peer-spub] remote-address 202.138.162.1 #---配置对端IPSec端点IP地址为202.138.162.1[RouterA-ike-peer-spub] quit[RouterB] ike peer spua[RouterB-ike-peer-spub] undo version 2[RouterB-ike-peer-spua] pre-shared-key simple huawei[RouterB-ike-peer-spua] remote-address 202.138.163.1[RouterB-ike-peer-spua] quit

2、建立安全策略
[RouterA]ipsec policy client 10 isakmp #---创建名为client，序号为10的安全策略
[RouterA-ipsec-policy-isakmp-client-10]ike-peer spub  #---指定对等体名称为spub
[RouterA-ipsec-policy-isakmp-client-10]proposal pro1  #---引用前面已创建的IPSec安全提议pro1
[RouterA-ipsec-policy-isakmp-client-10]security acl 3100  #---引用前面已定义的用于指定需要保护数据流的ACL 3100
[RouterA-ipsec-policy-isakmp-client-10] quit

[RouterB] ipsec policy server 10 isakmp
[RouterB-ipsec-policy-isakmp-server-10] ike-peer spua
[RouterB-ipsec-policy-isakmp-server-10] proposal pro1
[RouterB-ipsec-policy-isakmp-server-10] security acl 3100
[RouterB-ipsec-policy-isakmp-server-10] quit

3、接口上启用安全策略
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] ipsec policy client
[RouterA-GigabitEthernet1/0/0] quit
[RouterB] interface gigabitethernet 1/0/0
[RouterB-GigabitEthernet1/0/0] ipsec policy server
[RouterB-GigabitEthernet1/0/0] quit

本主题由版主或管理员于 2025-7-29 16:59 审核通过

0 举报本楼

本帖有 1 个回帖，您需要登录后才能浏览登录 | 注册

返回列表

版规|手机版|C114 ( 沪ICP备12002291号-1 )|联系我们 |网站地图

GMT+8, 2025-7-31 15:04 , Processed in 0.171332 second(s), 18 queries , Gzip On.

Discuz Licensed

		自动登录	找回密码
密码			注册

[高速以太网] ip-sec隧道VPN配置 [复制链接]

浏览过的帖子

浏览过的版块