华为IPSec VPN手工建立隧道配置

拓扑说明:本次实验只是AR1-AR2之间建立IPsec VPN,手工配置协商密钥。最终达到AR1环回口可以通过加密的方式访问AR2的环回口。配置如下:

AR1:

#
 sysname AR1
#
acl number 3000  
 rule 5 permit ip source 1.1.1.0 0.0.0.255 destination 2.2.2.0 0.0.0.255 
#
ipsec proposal AAA
 esp encryption-algorithm 3des
#
ipsec policy AAA 1 manual
 security acl 3000
 proposal AAA
 tunnel local 202.100.1.1
 tunnel remote 202.100.2.2
 sa spi inbound esp 12345
 sa string-key inbound esp simple arssra
 sa spi outbound esp 54321
 sa string-key outbound esp simple huawei
#
interface GigabitEthernet0/0/0
 ip address 202.100.1.1 255.255.255.0 
 ipsec policy AAA
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255 
#
ip route-static 0.0.0.0 0.0.0.0 202.100.1.100
#

AR2:

#
 sysname AR2
#
acl number 3000  //这里是用来SDP中调用的ACL
 rule 5 permit ip source 2.2.2.2 0 destination 1.1.1.1 0 
#
ipsec proposal AAA
 esp encryption-algorithm 3des
#
ipsec policy AAA 1 manual
 security acl 3000
 proposal AAA
 tunnel local 202.100.2.2
 tunnel remote 202.100.1.1
 sa spi inbound esp 54321
 sa string-key inbound esp simple huawei
 sa spi outbound esp 12345
 sa string-key outbound esp simple arssra
#
interface GigabitEthernet0/0/0
 ip address 202.100.2.2 255.255.255.0 
 ipsec policy AAA
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 
#
ip route-static 0.0.0.0 0.0.0.0 202.100.2.100
#

发表评论

电子邮件地址不会被公开。 必填项已用*标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据