1 Topology diagram
2 Configuration of the two PCs
3 RouterA configuration
#
sysname RouterA
#
acl number 3101
rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
#
ipsec proposal tran1
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-128
#
ipsec policy map1 10 manual
security acl 3101
proposal tran1
tunnel local 1.1.1.1
tunnel remote 2.1.1.1
sa spi inbound esp 54321
sa string-key inbound esp cipher %^%#JvZxR2g8c;a9~FPN~n'$7`DEV&=G(=Et02P/%\*!%^%#
sa spi outbound esp 12345
sa string-key outbound esp cipher %^%#K{JG:rWVHPMnf;5\|,GW(Luq'qi8BT4nOj%5W5=)%^%#
#
interface GigabitEthernet0/0/0
ip address 1.1.1.1 255.255.255.0
ipsec policy map1
#
interface GigabitEthernet0/0/1
ip address 10.1.1.1 255.255.255.0
#
ip route-static 2.1.1.0 255.255.255.0 1.1.1.2
ip route-static 10.1.2.0 255.255.255.0 1.1.1.2
#
return
4 RouterB configuration
#
sysname RouterB
#
acl number 3101
rule 5 permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
#
ipsec proposal tran1
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-128
#
ipsec policy use1 10 manual
security acl 3101
proposal tran1
tunnel local 2.1.1.1
tunnel remote 1.1.1.1
sa spi inbound esp 12345
sa string-key inbound esp cipher %^%#IRFGEiFPJ1$&a'Qy,L*XQL_+*Grq-=yMb}ULZdS6%^%#
sa spi outbound esp 54321
sa string-key outbound esp cipher %^%#(3fr1!&6O=)!GN#~{)n,2fq>4#4+%;lMTs5(]:c)%^%#
#
interface GigabitEthernet0/0/0
ip address 2.1.1.1 255.255.255.0
ipsec policy use1
#
interface GigabitEthernet0/0/1
ip address 10.1.2.1 255.255.255.0
#
ip route-static 1.1.1.0 255.255.255.0 2.1.1.2
ip route-static 10.1.1.0 255.255.255.0 2.1.1.2
#
return
5 Internet configuration
#
sysname Internet
#
interface GigabitEthernet 0/0/1
ip address 2.1.1.2 255.255.255.0
#
interface GigabitEthernet 0/0/0
ip address 1.1.1.2 255.255.255.0
#
ip route-static 10.1.2.0 255.255.255.0 2.1.1.1
ip route-static 10.1.1.0 255.255.255.0 1.1.1.1
#
return
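Note: This example is based on Huawei's configuration example, so it is not entirely original; it is recorded here as a reference for those who need it.
Source: 51CTO
Author: Alyoyojie
Link: https://blog.51cto.com/antivirusjo/2470941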