Huawei IPsec Over GRE Configuration

Topology: a GRE tunnel is established between AR1 and AR3 and encrypted with IPsec in transport mode. In the end, PC1 can ping PC2.

AR1:

#
 sysname AR1
#
acl number 3000
 rule 5 permit gre source 10.0.12.1 0 destination 10.0.23.3 0
#
ipsec proposal AAA
 encapsulation-mode transport
#
ike proposal 1
#
ike peer AAA v1
 pre-shared-key simple huawei
 ike-proposal 1
 local-address 10.0.12.1
 remote-address 10.0.23.3
#
ipsec policy AAA 1 isakmp
 security acl 3000
 ike-peer AAA
 proposal AAA
#
interface GigabitEthernet0/0/0
 ip address 10.0.12.1 255.255.255.0 
 ipsec policy AAA
#
interface GigabitEthernet0/0/1
 ip address 192.168.1.254 255.255.255.0 
#
interface Tunnel0/0/0
 ip address 172.16.0.1 255.255.255.0 
 tunnel-protocol gre
 source 10.0.12.1
 destination 10.0.23.3
#
ip route-static 0.0.0.0 0.0.0.0 10.0.12.2
ip route-static 192.168.2.0 255.255.255.0 Tunnel0/0/0
#

AR3:

#
 sysname AR3
#
acl number 3000
 rule 5 permit gre source 10.0.23.3 0 destination 10.0.12.1 0
#
ipsec proposal AAA
 encapsulation-mode transport
#
ike proposal 1
#
ike peer AAA v1
 pre-shared-key simple huawei
 ike-proposal 1
 local-address 10.0.23.3
 remote-address 10.0.12.1
#
ipsec policy AAA 1 isakmp
 security acl 3000
 ike-peer AAA
 proposal AAA
#
interface GigabitEthernet0/0/0
 ip address 10.0.23.3 255.255.255.0 
 ipsec policy AAA
#
interface GigabitEthernet0/0/1
 ip address 192.168.2.254 255.255.255.0 
#
interface Tunnel0/0/0
 ip address 172.16.0.2 255.255.255.0 
 tunnel-protocol gre
 source 10.0.23.3
 destination 10.0.12.1
#
ip route-static 0.0.0.0 0.0.0.0 10.0.23.2
ip route-static 192.168.1.0 255.255.255.0 Tunnel0/0/0
#
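
With transport mode and the policy bound to GigabitEthernet0/0/0, IPsec evaluates the security ACL after GRE encapsulation, so the ACL has to match the tunnel endpoints (10.0.12.1 and 10.0.23.3) rather than the PC subnets behind them. The Python check below is an added example, not part of the original post: it parses a constructed VRP-style sample and reports any transport-mode policy whose ACL misses the GRE flow. The names `audit`, `parse`, `val` and `covers` are chosen here, and tunnel endpoints are assumed to be IPv4 literals.

```python
import re
from ipaddress import IPv4Address

TEMPLATE = """\
acl number 3000
 rule 5 permit {rule}
ipsec proposal AAA
 encapsulation-mode transport
ipsec policy AAA 1 isakmp
 security acl 3000
 proposal AAA
interface Tunnel0/0/0
 tunnel-protocol gre
 source 10.0.12.1
 destination 10.0.23.3
"""  # constructed sample in the page's VRP layout; only the ACL rule varies
INNER = TEMPLATE.format(rule="ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255")
OUTER = TEMPLATE.format(rule="gre source 10.0.12.1 0 destination 10.0.23.3 0")
RULE = re.compile(r"rule \d+ permit (\S+) source (\S+) (\S+) destination (\S+) (\S+)")

def parse(cfg):  # group each line under the unindented header line above it
    out, head = {}, ""
    for raw in cfg.splitlines():
        if raw.strip() not in ("", "#"):
            head = raw.strip() if raw[0] != " " else head
            out.setdefault(head, []).append(raw.strip())
    return out

def val(body, key):  # argument of the first line starting with key, else ""
    return next((l[len(key):].strip() for l in body if l.startswith(key)), "")

def covers(net, wild, host):  # VRP wildcard match; "0" means exact host
    w = 0 if wild == "0" else int(IPv4Address(wild))
    return (int(IPv4Address(net)) & ~w) == (int(IPv4Address(host)) & ~w)

def audit(cfg):
    s, out = parse(cfg), []
    gre = [(val(b, "source"), val(b, "destination")) for b in s.values()
           if "tunnel-protocol gre" in b]
    for h, b in s.items():
        mode = s.get("ipsec proposal " + val(b, "proposal"), [])
        if not h.startswith("ipsec policy") or "encapsulation-mode transport" not in mode:
            continue
        rules = [RULE.match(r) for r in s.get("acl number " + val(b, "security acl"), [])]
        for src, dst in gre:  # assumes IPv4-literal tunnel endpoints
            if not any(m and m[1] in ("gre", "ip") and covers(m[2], m[3], src)
                       and covers(m[4], m[5], dst) for m in rules):
                out.append(f"ACL misses GRE flow {src}->{dst}")
    return out
```

Run `audit()` over each router's saved configuration; an empty list means every transport-mode policy references an ACL that covers the GRE tunnel endpoints.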
