![Figure 1 - Chapter 20 IPsec VPN - 20.1 Static IPsec VPN configuration - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/03/图片2-16-1024x542.png)
1. Configure the interesting-traffic ACLs on R1 and R3
[R1]acl 3000
[R1-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
[R3]acl 3000
[R3-acl-adv-3000]rule permit ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
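2. Create the security proposal on R1
[R1]ipsec proposal dsrw
// The IPsec security proposal is named dsrw
[R1-ipsec-proposal-dsrw]encapsulation-mode tunnel
// The IPsec VPN works in tunnel mode
[R1-ipsec-proposal-dsrw]transform esp
// The proposal's security protocol is ESP
[R1-ipsec-proposal-dsrw]esp encryption-algorithm des
// The proposal's encryption algorithm is DES, a 56-bit cipher that suits a lab only
[R1-ipsec-proposal-dsrw]esp authentication-algorithm md5
// The proposal's authentication algorithm is MD5, likewise a lab-only choice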
3. Configure the manual IPsec security policy on R1
[R1]ipsec policy dsrw.com 10 manual
// Create IPsec policy dsrw.com in manual mode
[R1-ipsec-policy-manual-dsrw.com-10]security acl 3000
// The security policy matches the interesting traffic in ACL 3000
[R1-ipsec-policy-manual-dsrw.com-10]proposal dsrw
// Reference the proposal dsrw
[R1-ipsec-policy-manual-dsrw.com-10]tunnel local 12.1.1.1
// Set the tunnel's local address
[R1-ipsec-policy-manual-dsrw.com-10]tunnel remote 23.1.1.3
// Set the tunnel's remote address
[R1-ipsec-policy-manual-dsrw.com-10]sa spi inbound esp 54321
// Set the inbound SA's SPI to 54321
[R1-ipsec-policy-manual-dsrw.com-10]sa string-key inbound esp cipher dsrw.com
// Set the inbound SA's authentication key to dsrw.com
[R1-ipsec-policy-manual-dsrw.com-10]sa spi outbound esp 12345
// Set the outbound SA's SPI to 12345
[R1-ipsec-policy-manual-dsrw.com-10]sa string-key outbound esp cipher dsrw.com
// Set the outbound SA's authentication key to dsrw.com
4. Apply the security policy to R1's interface
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ipsec policy dsrw.com
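5. Create the security proposal on R3
[R3]ipsec proposal dsrw
// The IPsec security proposal is named dsrw
[R3-ipsec-proposal-dsrw]encapsulation-mode tunnel
// The IPsec VPN works in tunnel mode
[R3-ipsec-proposal-dsrw]transform esp
// The proposal's security protocol is ESP
[R3-ipsec-proposal-dsrw]esp encryption-algorithm des
// The proposal's encryption algorithm is DES
[R3-ipsec-proposal-dsrw]esp authentication-algorithm md5
// The proposal's authentication algorithm is MD5
6. Configure the manual IPsec security policy on R3
[R3]ipsec policy dsrw.com 10 manual
// Create IPsec policy dsrw.com in manual mode
[R3-ipsec-policy-manual-dsrw.com-10]security acl 3000
// The security policy matches the interesting traffic in ACL 3000
[R3-ipsec-policy-manual-dsrw.com-10]proposal dsrw
// Reference the proposal dsrw
[R3-ipsec-policy-manual-dsrw.com-10]tunnel local 23.1.1.3
// Set the tunnel's local address
[R3-ipsec-policy-manual-dsrw.com-10]tunnel remote 12.1.1.1
// Set the tunnel's remote address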
[R3-ipsec-policy-manual-dsrw.com-10]sa spi inbound esp 12345
// Set the inbound SA's SPI to 12345; it must equal R1's outbound SPI
[R3-ipsec-policy-manual-dsrw.com-10]sa string-key inbound esp cipher dsrw.com
// Set the inbound SA's authentication key to dsrw.com
[R3-ipsec-policy-manual-dsrw.com-10]sa spi outbound esp 54321
// Set the outbound SA's SPI to 54321; it must equal R1's inbound SPI
[R3-ipsec-policy-manual-dsrw.com-10]sa string-key outbound esp cipher dsrw.com
// Set the outbound SA's authentication key to dsrw.com
7. Apply the security policy to R3's interface
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]ipsec policy dsrw.com
8. Basic configuration of R2 (the basic configuration of R1 and R3 is shown in the figure)
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 12.1.1.2 8
[R2]int GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ip address 23.1.1.2 8
9. Configure a static default route on R1 and R3
[R1]ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
[R3]ip route-static 0.0.0.0 0.0.0.0 23.1.1.2
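The mirror relationship between the two manual policies above, checked in code. This is an added example, not part of the original page: the Python helper names (parse, check_peers) are hypothetical, and the sample input is constructed from the page's addresses, algorithms and SPI values, with one R3 variant reusing R1's SPIs unchanged and one mirroring them. A manually keyed SA pair only matches when each router's inbound SPI equals the peer's outbound SPI.

```python
import re

# Constructed sample input: R1's commands with the prompts removed.
R1 = """rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
esp encryption-algorithm des
esp authentication-algorithm md5
tunnel local 12.1.1.1
tunnel remote 23.1.1.3
sa spi inbound esp 54321
sa spi outbound esp 12345"""
# Constructed R3 variant with both SPIs copied unchanged from R1 (not a mirror image).
R3_COPIED = """rule permit ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
esp encryption-algorithm des
esp authentication-algorithm md5
tunnel local 23.1.1.3
tunnel remote 12.1.1.1
sa spi inbound esp 54321
sa spi outbound esp 12345"""
R3_MIRRORED = R3_COPIED.replace("inbound esp 54321", "inbound esp 12345").replace(
    "outbound esp 12345", "outbound esp 54321")

PATTERNS = {  # field -> regex with one capture group
    "src": r"source (\S+ \S+)", "dst": r"destination (\S+ \S+)",
    "enc": r"esp encryption-algorithm (\S+)",
    "auth": r"esp authentication-algorithm (\S+)",
    "local": r"tunnel local (\S+)", "remote": r"tunnel remote (\S+)",
    "spi_in": r"sa spi inbound esp (\d+)", "spi_out": r"sa spi outbound esp (\d+)",
}
MIRRORED = [("src", "dst"), ("local", "remote"), ("spi_in", "spi_out")]  # swapped on the peer
SAME = ["enc", "auth"]  # identical on both ends

def parse(cfg):
    """Extract the fields named in PATTERNS from one router's command list."""
    found = {k: re.search(rx, cfg) for k, rx in PATTERNS.items()}
    return {k: m.group(1) if m else None for k, m in found.items()}

def check_peers(cfg_a, cfg_b):
    """List the mismatches that stop two manual IPsec policies from pairing up."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = [f"{k}: {a[k]} vs {b[k]}" for k in SAME if a[k] != b[k]]
    for x, y in MIRRORED:
        for p, q in ((x, y), (y, x)):
            if a[p] != b[q]:
                problems.append(f"A {p}={a[p]} but B {q}={b[q]}")
    return problems

if __name__ == "__main__":
    print("copied SPIs:  ", check_peers(R1, R3_COPIED))
    print("mirrored SPIs:", check_peers(R1, R3_MIRRORED))
```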