ENSP Demo 015.1 IPSec_manual
sys
sys R3
int g0/0/0
ip add 12.0.0.2 8
int g0/0/1
ip add 23.0.0.2 8
int loopback 3
ip add 3.3.3.3 32
sys
sys R1
dhcp enable
acl 3000
rule 5 deny ip destination 172.16.10.0 0.0.0.255
rule 10 permit ip so 192.168.10.0 0.0.0.255
acl 3001
rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
ip route-static 0.0.0.0 0 12.0.0.2
int g0/0/0
ip add 192.168.10.254 24
dhcp select interface
int g0/0/1
ip add 12.0.0.1 8
nat outbound 3000
q
ipsec proposal toR2
en tunnel
trans esp
esp au sha2-256
esp en aes-128
ipsec policy toR2 10 manual
sec acl 3001
proposal toR2
tunnel lo 12.0.0.1
tunnel remo 23.0.0.1
sa spi inbound esp 54321
sa spi outbound esp 12345
sa string-key inbound esp cipher zx123
sa string-key outbound esp cipher zx123
int g0/0/1
ipces policy toR2
sys
sys R2
dhcp enable
acl 3000
rule 5 deny ip destination 192.168.10.0 0.0.0.255
rule 10 permit ip so 172.16.10.0 0.0.0.255
acl 3001
rule 10 permit ip source 172.16.10.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
ip route-static 0.0.0.0 0 23.0.0.2
int g0/0/0
ip add 172.16.10.254 24
dhcp select interface
int g0/0/1
ip add 23.0.0.1 8
nat outbound 3000
q
ipsec proposal toR1
en tunnel
trans esp
esp au sha2-256
esp en aes-128
ipsec policy toR1 10 manual
sec acl 3001
proposal toR1
tunnel lo 23.0.0.1
tunnel remo 12.0.0.1
sa spi inbound esp 12345
sa spi outbound esp 54321
sa string-key inbound esp cipher zx123
sa string-key outbound esp cipher zx123
int g0/0/1
ipces policy toR1
手工模式比较简单,重点是把各种密码先规划好。。。。cipher加密之后到配置对端就忘记了,来回折腾了好久
分类:
华为ENSP各种实验
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 微软正式发布.NET 10 Preview 1:开启下一代开发框架新篇章
· 没有源码,如何修改代码逻辑?
· PowerShell开发游戏 · 打蜜蜂
· 在鹅厂做java开发是什么体验
· WPF到Web的无缝过渡:英雄联盟客户端的OpenSilver迁移实战