1. Configure the interesting-traffic ACLs on R1 and R3
[R1]acl 3000
[R1-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
[R3]acl 3000
[R3-acl-adv-3000]rule permit ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
2. Create the IKE proposal on R1
[R1]ike proposal 1
[R1-ike-proposal-1]dh group2
[R1-ike-proposal-1]encryption-algorithm 3des-cbc
// 3des-cbc encryption algorithm
[R1-ike-proposal-1]authentication-algorithm md5
// md5 authentication algorithm
3. Create the IKE peer on R1
[R1]ike peer dsrwa v1
[R1-ike-peer-dsrwa]ike-proposal 1
// reference IKE proposal 1
[R1-ike-peer-dsrwa]pre-shared-key cipher dsrw.com
// set the pre-shared key to dsrw.com
[R1-ike-peer-dsrwa]remote-address 23.1.1.3
// address of the remote end of the tunnel
4. Create the IPsec proposal on R1
[R1]ipsec proposal dsrw
// IPsec proposal named dsrw
[R1-ipsec-proposal-dsrw]encapsulation-mode tunnel
// encapsulation mode: tunnel
[R1-ipsec-proposal-dsrw]esp encryption-algorithm 3des
// ESP encryption algorithm: 3des
[R1-ipsec-proposal-dsrw]esp authentication-algorithm sha2-256
// ESP authentication algorithm: sha2-256
5. Configure the IPsec security policy on R1
[R1]ipsec policy dsrw.com 10 isakmp
[R1-ipsec-policy-isakmp-dsrw.com-10]security acl 3000
[R1-ipsec-policy-isakmp-dsrw.com-10]ike-peer dsrwa
[R1-ipsec-policy-isakmp-dsrw.com-10]proposal dsrw
6. Apply the IPsec security policy to the interface
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ipsec policy dsrw.com
7. Create the IKE proposal on R3
[R3]ike proposal 1
[R3-ike-proposal-1]dh group2
[R3-ike-proposal-1]encryption-algorithm 3des-cbc
// 3des-cbc encryption algorithm
[R3-ike-proposal-1]authentication-algorithm md5
// md5 authentication algorithm
8. Create the IKE peer on R3
[R3]ike peer dsrwb v1
[R3-ike-peer-dsrwb]ike-proposal 1
// reference IKE proposal 1
[R3-ike-peer-dsrwb]pre-shared-key cipher dsrw.com
// set the pre-shared key to dsrw.com
[R3-ike-peer-dsrwb]remote-address 12.1.1.1
// address of the remote end of the tunnel
9. Create the IPsec proposal on R3
[R3]ipsec proposal dsrw
// IPsec proposal named dsrw
[R3-ipsec-proposal-dsrw]encapsulation-mode tunnel
// encapsulation mode: tunnel
[R3-ipsec-proposal-dsrw]esp encryption-algorithm 3des
// ESP encryption algorithm: 3des
[R3-ipsec-proposal-dsrw]esp authentication-algorithm sha2-256
// ESP authentication algorithm: sha2-256
10. Configure the IPsec security policy on R3
[R3]ipsec policy dsrw.com 10 isakmp
[R3-ipsec-policy-isakmp-dsrw.com-10]security acl 3000
[R3-ipsec-policy-isakmp-dsrw.com-10]ike-peer dsrwb
[R3-ipsec-policy-isakmp-dsrw.com-10]proposal dsrw
11. Apply the IPsec security policy to the interface
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]ipsec policy dsrw.com
12. Basic configuration of R2 (the basic configuration of R1 and R3 is shown in the figure)
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 12.1.1.2 8
[R2]int GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ip address 23.1.1.2 8
13. Configure static default routes on R1 and R3
[R1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
[R3]ip route-static 0.0.0.0 0.0.0.0 23.1.1.2
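
The following Python check is an added example, not part of the original article: it takes the R1 and R3 commands from the steps above and verifies that the two interesting-traffic ACLs mirror each other and that both peers use identical proposal parameters, two mismatches that commonly stop a tunnel from coming up. It also reports settings widely treated as legacy (IKEv1, 3DES, MD5, 1024-bit DH group 2); that list and the function names are this example's assumptions, not a Huawei-defined set.

```python
import re

# Commands copied from the steps above, device prompts stripped.
SHARED = """\
dh group2
encryption-algorithm 3des-cbc
authentication-algorithm md5
esp encryption-algorithm 3des
esp authentication-algorithm sha2-256
"""
R1 = SHARED + """\
rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
ike peer dsrwa v1
"""
R3 = SHARED + """\
rule permit ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
ike peer dsrwb v1
"""

# Assumption of this example: settings a reviewer would flag as legacy.
WEAK = {"dh group2": "1024-bit DH group",
        "encryption-algorithm 3des-cbc": "3DES for IKE",
        "authentication-algorithm md5": "MD5 for IKE",
        "esp encryption-algorithm 3des": "3DES for ESP"}
ACL = re.compile(r"rule permit ip source (\S+ \S+) destination (\S+ \S+)")

def flows(cfg):
    """Return the (source, destination) pairs of the interesting-traffic ACL."""
    return {m.groups() for m in map(ACL.match, cfg.splitlines()) if m}

def crypto(cfg):
    """Return the IKE/IPsec proposal lines that both peers must agree on."""
    return {l for l in cfg.splitlines() if "algorithm" in l or l.startswith("dh ")}

def audit(a, b):
    """Compare two peers' command sets and list mismatches and legacy settings."""
    findings = []
    if flows(a) != {(dst, src) for src, dst in flows(b)}:
        findings.append("ACLs are not mirror images")
    if crypto(a) != crypto(b):
        findings.append("proposal parameters differ between peers")
    lines = set(a.splitlines()) | set(b.splitlines())
    findings += sorted(f"legacy: {WEAK[l]}" for l in lines if l in WEAK)
    if any(re.fullmatch(r"ike peer \S+ v1", l) for l in lines):
        findings.append("legacy: IKEv1")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(R1, R3)))
```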