H3C V7 IPsec: Most Basic Configuration
I. Goal: establish an IPsec tunnel between 100.1.1.1 and 200.1.1.2.
II. Basic configuration commands
1. Configure the ACL:
acl advanced 3000
rule permit ip source 192.168.0.1 0 destination 10.0.0.1 0
2. Create the IPsec security proposal (transform set)
ipsec transform-set tran
encapsulation-mode tunnel
protocol esp
esp encryption-algorithm aes-cbc-128
esp authentication-algorithm sha1
3. Create the IKE keychain
ike keychain test
pre-shared-key address 200.1.1.2 255.255.255.0 key simple 123456
4. Create the IKE proposal
ike proposal 100
encryption-algorithm 3des-cbc
authentication-method pre-share
authentication-algorithm md5
dh group1
5. Create the IKE profile
ike profile profile1
keychain test
local-identity address 100.1.1.1
match remote identity address 200.1.1.2 255.255.255.0
proposal 100
6. Create an IPsec security policy that uses IKE negotiation
ipsec policy test 10 isakmp
remote-address 200.1.1.2
security acl 3000
transform-set tran
ike-profile profile1
7. Apply the policy on the interface:
int g0/0
ipsec apply policy test
Configure the peer device as a mirror image of this configuration.
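The listing above combines aes-cbc-128 for ESP with sha1, 3des-cbc, md5 and dh group1, plus a six-character simple key matched against a /24 mask. As an added example (not part of the original page and not H3C tooling), this Python audit walks the flat listing view by view and reports those settings. The rule list and the 15-character key threshold are an assumed audit policy, and PAGE_CONFIG is a constructed excerpt of the commands shown above.

```python
import re

# Constructed input: the algorithm-bearing views of the configuration above.
PAGE_CONFIG = """\
ipsec transform-set tran
esp encryption-algorithm aes-cbc-128
esp authentication-algorithm sha1
ike keychain test
pre-shared-key address 200.1.1.2 255.255.255.0 key simple 123456
ike proposal 100
encryption-algorithm 3des-cbc
authentication-method pre-share
authentication-algorithm md5
dh group1
"""

# The listing is flat, so the view is tracked from view-entering commands.
VIEW = re.compile(r"^(acl|ipsec transform-set|ipsec policy|ike keychain|"
                  r"ike proposal|ike profile|int\S*)\s")

# (view, pattern, finding): an assumed audit policy, not an H3C recommendation.
RULES = [
    ("ipsec transform-set", r"^esp encryption-algorithm (des-cbc|3des-cbc)$", "legacy ESP cipher"),
    ("ipsec transform-set", r"^esp authentication-algorithm (md5|sha1)$", "legacy ESP integrity hash"),
    ("ike proposal", r"^encryption-algorithm (des-cbc|3des-cbc)$", "legacy IKE cipher"),
    ("ike proposal", r"^authentication-algorithm (md5|sha)$", "legacy IKE hash"),
    ("ike proposal", r"^dh (group1|group2|group5)$", "small DH group"),
    ("ike keychain", r"^pre-shared-key .* key simple (\S{1,15})$", "short pre-shared key"),
    ("ike keychain", r"^pre-shared-key address \S+ (?!255\.255\.255\.255 )(\d+\.\d+\.\d+\.\d+) ", "key scoped wider than one host"),
]

def audit(config):
    """Return (line_no, view, finding, matched_value) for every rule hit."""
    findings, view = [], None
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = VIEW.match(line + " ")
        if m:                      # a view header: remember it, nothing to check
            view = m.group(1)
            continue
        for rule_view, pattern, finding in RULES:
            hit = re.search(pattern, line)
            if view == rule_view and hit:
                findings.append((no, view, finding, hit.group(1)))
    return findings

if __name__ == "__main__":
    for no, view, finding, value in audit(PAGE_CONFIG):
        print(f"line {no} [{view}] {finding}: {value}")
```

Both ends must be changed together, since the peer is a mirror of this configuration; options such as aes-cbc-256, sha256 and dh group14 clear the findings where the software version offers them.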
III. Packet capture:
ESP packets: