华为 IPsec-L2LVPN
作者:互联网
[R1]acl 3000 定义数据流(内网业务流量)
[R1-acl-adv-3000]rule 5 permit ip source 1.1.1.0 0.0.0.255 destination 3.3.3.0 0.0.0.255
[R1-acl-adv-3000]quit
[R1]
[R1]ipsec proposal PRO 配置IPsec安全协议(IPsec第一阶段的安全策略)
[R1-ipsec-proposal-PRO]esp authentication-algorithm sha2-256 使用esp,认证用sha2-256
[R1-ipsec-proposal-PRO]esp encryption-algorithm aes-128 使用esp,加密用aes-128
[R1]ike proposal 5 配置IKE的安全提议
[R1-ike-proposal-5]encryption-algorithm aes-cbc-128 IKE的加密是aes128
[R1-ike-proposal-5]authentication-algorithm sha1 认证sha1
[R1-ike-proposal-5]dh group14 dh算法是group14
[R1]ike peer R3 v1 配置IKE的对等体
[R1-ike-peer-R3]ike-proposal 5 调用IKE安全提议
[R1-ike-peer-R3]pre-shared-key cipher huawei 配置预共享密钥为huawei
[R1-ike-peer-R3]remote-address 23.1.1.3 配置对等体地址23.1.1.3
[R1]ipsec policy L2L 10 isakmp 创建安全策略为L2L
[R1-ipsec-policy-isakmp-L2L-10]ike-peer R3 调用对等体
[R1-ipsec-policy-isakmp-L2L-10]proposal PRO 调用IPsec安全协议
[R1-ipsec-policy-isakmp-L2L-10]security acl 3000 调用数据流
[R1-GigabitEthernet0/0/0]ipsec policy L2L 在接口应用全策略L2L
标签:L2LVPN,R1,L2L,华为,ike,peer,proposal,ipsec,IPsec 来源: https://blog.csdn.net/weixin_42862151/article/details/99999357