IPSec配置实验
实验拓扑
IPSec实验拓扑图如下:
实验思路
- 配置IP地址
- 配置路由
- 添加兴趣流
- IPSec安全提议
- ipsec配置
- 应用ipsec安全策略
1、配置接口下的IP地址,步骤省略。
2、配置路由
配置RouterA静态路由
1 2 | [RouterA]ip route-static 2.1.1.0 24 1.1.1.2[RouterA]ip route-static 10.1.2.0 24 1.1.1.2 |
配置RouterB静态路由
1 2 | [RouterB]ip route-static 10.1.1.0 255.255.255.0 2.1.1.2[RouterB]ip route-static 1.1.1.0 255.255.255.0 2.1.1.2 |
配置Internet静态路由
1 2 | ip route-static 10.1.2.0 255.255.255.0 2.1.1.1ip route-static 10.1.1.0 255.255.255.0 1.1.1.1 |
3、添加兴趣流
配置RouterA感兴趣流
1 2 | [RouterA]acl 3101[RouterA-acl-adv-3101]rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255 |
配置RouterB感兴趣流
1 2 | [Huawei]acl 3101[Huawei-acl-adv-3101]rule 5 permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255 |
4、IPSec安全提议
RouterA
1 2 3 4 | [RouterA]ipsec proposal tran1[RouterA-ipsec-proposal-tran1]encapsulation-mode tunnel [RouterA-ipsec-proposal-tran1]esp authentication-algorithm sha2-256[RouterA-ipsec-proposal-tran1]esp encryption-algorithm aes-128 |
RouterB
1 2 3 4 | [RouterB]ipsec proposal tran1[RouterB-ipsec-proposal-tran1]encapsulation-mode tunnel [RouterB-ipsec-proposal-tran1]esp authentication-algorithm sha2-256[RouterB-ipsec-proposal-tran1]esp encryption-algorithm aes-128 |
5、配置IPSec策略
RouterA
1 2 3 4 5 6 7 8 9 | [RouterA]ipsec policy map1 10 manual[RouterA-ipsec-policy-manual-map1-10]security acl 3101[RouterA-ipsec-policy-manual-map1-10]proposal tran1[RouterA-ipsec-policy-manual-map1-10]tunnel local 1.1.1.1[RouterA-ipsec-policy-manual-map1-10]tunnel remote 1.1.1.2[RouterA-ipsec-policy-manual-map1-10]sa spi inbound esp 54321[RouterA-ipsec-policy-manual-map1-10]sa string-key inbound esp cipher Huawei[RouterA-ipsec-policy-manual-map1-10]sa spi outbound esp 54321[RouterA-ipsec-policy-manual-map1-10]sa string-key outbound esp cipher Huawei |
RouterB
1 2 3 4 5 6 7 8 9 | [RouterB]ipsec policy use1 10 manual[RouterB-ipsec-policy-manual-use1-10]security acl 3101[RouterB-ipsec-policy-manual-use1-10]proposal tran1[RouterB-ipsec-policy-manual-use1-10]tunnel local 1.1.1.2[RouterB-ipsec-policy-manual-use1-10]tunnel remote 1.1.1.1[RouterB-ipsec-policy-manual-use1-10]sa spi inbound esp 54321[RouterB-ipsec-policy-manual-use1-10]sa string-key inbound esp cipher Huawei[RouterB-ipsec-policy-manual-use1-10]sa spi outbound esp 54321[RouterB-ipsec-policy-manual-use1-10]sa string-key outbound esp cipher Huawei |
6、应用ipsec安全策略
RouterA
1 2 | [RouterA]interface GigabitEthernet 0/0/0[RouterA-GigabitEthernet0/0/0]ipsec policy map1 |
RouterB
1 2 | [RouterB]interface GigabitEthernet 0/0/0[RouterB-GigabitEthernet0/0/0]ipsec policy use1 |
参考文档:
https://copyfuture.com/blogs-details/20200213183253997vax17yv4xnrzcwx
https://blog.csdn.net/caolongbin/article/details/126764302
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全程不用写代码,我用AI程序员写了一个飞机大战
· DeepSeek 开源周回顾「GitHub 热点速览」
· 记一次.NET内存居高不下排查解决与启示
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· .NET10 - 预览版1新功能体验(一)