20.2 IKE Dynamic IPsec VPN Configuration

Figure 20-2 Network topology for the IKE dynamic IPsec VPN configuration

1. Configure the interesting-traffic ACLs on R1 and R3

[R1]acl 3000
[R1-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255

[R3]acl 3000
[R3-acl-adv-3000]rule permit ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255

2. Create the IKE proposal on R1

[R1]ike proposal 1
[R1-ike-proposal-1]dh group2
[R1-ike-proposal-1]encryption-algorithm 3des-cbc
// 3des-cbc encryption algorithm
[R1-ike-proposal-1]authentication-algorithm md5
// md5 authentication algorithm

3. Create the IKE peer on R1

[R1]ike peer dsrwa v1
[R1-ike-peer-dsrwa]ike-proposal 1
// Reference IKE proposal 1
[R1-ike-peer-dsrwa]pre-shared-key cipher dsrw.com
// Set the pre-shared key to dsrw.com
[R1-ike-peer-dsrwa]remote-address 23.1.1.3
// Configure the remote address of the tunnel

4. Create the IPsec proposal on R1

[R1]ipsec proposal dsrw
// IPsec proposal dsrw
[R1-ipsec-proposal-dsrw]encapsulation-mode tunnel
// Encapsulation mode: tunnel
[R1-ipsec-proposal-dsrw]esp encryption-algorithm 3des
// ESP encryption algorithm: 3des
[R1-ipsec-proposal-dsrw]esp authentication-algorithm sha2-256
// ESP authentication algorithm: sha2-256

5. Configure the IPsec policy on R1

[R1]ipsec policy dsrw.com 10 isakmp
[R1-ipsec-policy-isakmp-dsrw.com-10]security acl 3000
[R1-ipsec-policy-isakmp-dsrw.com-10]ike-peer dsrwa
[R1-ipsec-policy-isakmp-dsrw.com-10]proposal dsrw 

6. Apply the IPsec policy on the interface

[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ipsec policy  dsrw.com

7. Create the IKE proposal on R3

[R3]ike proposal 1
[R3-ike-proposal-1]dh group2
[R3-ike-proposal-1]encryption-algorithm 3des-cbc
// 3des-cbc encryption algorithm
[R3-ike-proposal-1]authentication-algorithm md5
// md5 authentication algorithm

8. Create the IKE peer on R3

[R3]ike peer dsrwb v1
[R3-ike-peer-dsrwb]ike-proposal 1
// Reference IKE proposal 1
[R3-ike-peer-dsrwb]pre-shared-key cipher dsrw.com
// Set the pre-shared key to dsrw.com
[R3-ike-peer-dsrwb]remote-address 12.1.1.1
// Configure the remote address of the tunnel

9. Create the IPsec proposal on R3

[R3]ipsec proposal dsrw
// IPsec proposal dsrw
[R3-ipsec-proposal-dsrw]encapsulation-mode tunnel
// Encapsulation mode: tunnel
[R3-ipsec-proposal-dsrw]esp encryption-algorithm 3des
// ESP encryption algorithm: 3des
[R3-ipsec-proposal-dsrw]esp authentication-algorithm sha2-256
// ESP authentication algorithm: sha2-256

10. Configure the IPsec policy on R3

[R3]ipsec policy dsrw.com 10 isakmp
[R3-ipsec-policy-isakmp-dsrw.com-10]security acl 3000
[R3-ipsec-policy-isakmp-dsrw.com-10]ike-peer dsrwb
[R3-ipsec-policy-isakmp-dsrw.com-10]proposal dsrw

11. Apply the IPsec policy on the interface

[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]ipsec policy dsrw.com

12. Basic configuration of R2 (the basic configuration of R1 and R3 is as shown in the figure)

[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 12.1.1.2 8
[R2]int GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ip address 23.1.1.2 8

13. Configure static default routes on R1 and R3

[R1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
[R3]ip route-static 0.0.0.0 0.0.0.0 23.1.1.2
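
The two peers can only negotiate when their settings agree: the ACLs should mirror each other, and the IKE proposal, pre-shared key and IPsec proposal must match. The following Python check is an added example, not part of the original page; it parses the R1 and R3 commands from the steps above (prompts stripped), compares them, and flags legacy algorithms. The field labels and the list of legacy values (group2, 3des-cbc, 3des, md5) are assumptions of this example.

```python
import re

# Commands from the R1 and R3 steps above, with the CLI prompts stripped.
R1 = """rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
dh group2
encryption-algorithm 3des-cbc
authentication-algorithm md5
pre-shared-key cipher dsrw.com
esp encryption-algorithm 3des
esp authentication-algorithm sha2-256"""
R3 = """rule permit ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
dh group2
encryption-algorithm 3des-cbc
authentication-algorithm md5
pre-shared-key cipher dsrw.com
esp encryption-algorithm 3des
esp authentication-algorithm sha2-256"""

# Field names are this example's own labels; the patterns match the commands above.
FIELDS = {
    "dh": r"^dh (\S+)",
    "ike_enc": r"^encryption-algorithm (\S+)",
    "ike_auth": r"^authentication-algorithm (\S+)",
    "psk": r"^pre-shared-key cipher (\S+)",
    "esp_enc": r"^esp encryption-algorithm (\S+)",
    "esp_auth": r"^esp authentication-algorithm (\S+)",
}
ACL = r"^rule permit ip source (\S+) (\S+) destination (\S+) (\S+)"
# Assumption of this example: values used on the page that count as legacy algorithms.
LEGACY = {"group2", "3des-cbc", "3des", "md5"}

def parse(cfg):
    """Extract the negotiated parameters and the ACL source/destination pair."""
    out = {k: re.search(p, cfg, re.M).group(1) for k, p in FIELDS.items()}
    src, src_wc, dst, dst_wc = re.search(ACL, cfg, re.M).groups()
    out["src"], out["dst"] = (src, src_wc), (dst, dst_wc)
    return out

def audit(a, b):
    """Return findings for two peers; mismatches name the field, never its value."""
    findings = []
    if (a["src"], a["dst"]) != (b["dst"], b["src"]):
        findings.append("ACLs are not mirror images")
    findings += [f"peer mismatch: {k}" for k in FIELDS if a[k] != b[k]]
    findings += [f"legacy algorithm: {k}={a[k]}" for k in FIELDS if a[k] in LEGACY]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(R1), parse(R3))))
```

The comparison works on the commands as typed; a saved configuration stores the pre-shared key as ciphertext, so the `psk` comparison does not apply to configuration dumps.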