ENSP Demo 015.1 IPSec_manual
sys
sys R3
int g0/0/0
ip add 12.0.0.2 8
int g0/0/1
ip add 23.0.0.2 8
int loopback 3
ip add 3.3.3.3 32sys
sys R1
dhcp enable
acl 3000
rule 5 deny ip destination 172.16.10.0 0.0.0.255
rule 10 permit ip so 192.168.10.0 0.0.0.255
acl 3001
rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
ip route-static 0.0.0.0 0 12.0.0.2
int g0/0/0
ip add 192.168.10.254 24
dhcp select interface
int g0/0/1
ip add 12.0.0.1 8
nat outbound 3000
q
ipsec proposal toR2
en tunnel
trans esp
esp au sha2-256
esp en aes-128
ipsec policy toR2 10 manual
sec acl 3001
proposal toR2
tunnel lo 12.0.0.1
tunnel remo 23.0.0.1
sa spi inbound esp 54321
sa spi outbound esp 12345
sa string-key inbound esp cipher zx123
sa string-key outbound esp cipher zx123
int g0/0/1
ipces policy toR2sys
sys R2
dhcp enable
acl 3000
rule 5 deny ip destination 192.168.10.0 0.0.0.255
rule 10 permit ip so 172.16.10.0 0.0.0.255
acl 3001
rule 10 permit ip source 172.16.10.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
ip route-static 0.0.0.0 0 23.0.0.2
int g0/0/0
ip add 172.16.10.254 24
dhcp select interface
int g0/0/1
ip add 23.0.0.1 8
nat outbound 3000
q
ipsec proposal toR1
en tunnel
trans esp
esp au sha2-256
esp en aes-128
ipsec policy toR1 10 manual
sec acl 3001
proposal toR1
tunnel lo 23.0.0.1
tunnel remo 12.0.0.1
sa spi inbound esp 12345
sa spi outbound esp 54321
sa string-key inbound esp cipher zx123
sa string-key outbound esp cipher zx123
int g0/0/1
ipces policy toR1手工模式比较简单,重点是把各种密码先规划好。。。。cipher加密之后到配置对端就忘记了,来回折腾了好久
分类:
华为ENSP各种实验
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 【自荐】一款简洁、开源的在线白板工具 Drawnix
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY
· Docker 太简单,K8s 太复杂?w7panel 让容器管理更轻松!