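1. No fixed IP address: aggressive mode
Early main mode could not be used when a peer has no fixed IP address. During authentication, the pre-shared key could only be looked up by IP address, not by domain name, so authentication could not be performed. The early solution was to use aggressive mode.
During negotiation, aggressive mode sends the identity information directly (in clear text), and the identity is looked up and verified by IP address or by domain name.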
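The key-lookup difference described above, as an added Python example (not from the original page and not Huawei's implementation). It follows the RFC 2409 pre-shared-key formulas for SKEYID and HASH_I; HMAC-SHA1 as the prf, the ID_FQDN encoding of the name, the source address 203.0.113.7 and the fixed byte strings standing in for nonces, cookies and DH values are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed responder (R1) peer tables; name and key mirror the page's lab values.
PSK_BY_IP = {}                              # R3 has no fixed IP, so nothing to key on
PSK_BY_NAME = {"www.dsrw.com": b"huawei"}   # R3's "ike local-name"

def prf(key, data):
    # IKEv1 prf; HMAC-SHA1 is assumed as the negotiated hash.
    return hmac.new(key, data, hashlib.sha1).digest()

def fqdn_id_body(name):
    # ID payload body: type 2 (ID_FQDN), protocol 0, port 0, then the name.
    # Assumption: "local-id-type name" is carried as ID_FQDN.
    return b"\x02\x00\x00\x00" + name.encode()

def hash_i(psk, x):
    # RFC 2409: SKEYID = prf(PSK, Ni_b | Nr_b)
    #           HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b)
    skeyid = prf(psk, x["ni"] + x["nr"])
    return prf(skeyid, x["gxi"] + x["gxr"] + x["cky_i"] + x["cky_r"]
               + x["sai_b"] + x["idii_b"])

def main_mode_psk(src_ip):
    # Main mode: the ID payload arrives encrypted under keys derived from SKEYID,
    # so the PSK must be chosen before the ID is readable. Only src_ip is available.
    return PSK_BY_IP.get(src_ip)

def aggressive_mode_psk(src_ip, idii_b):
    # Aggressive mode: the ID payload is in the first message, unencrypted.
    if idii_b[:1] == b"\x02":
        return PSK_BY_NAME.get(idii_b[4:].decode())
    return PSK_BY_IP.get(src_ip)

def exchange(initiator_name, initiator_psk, src_ip):
    # Constructed exchange values (fixed bytes, not real DH output or cookies).
    x = {"ni": b"N-i" * 6, "nr": b"N-r" * 6, "gxi": b"\x11" * 96,
         "gxr": b"\x22" * 96, "cky_i": b"\xaa" * 8, "cky_r": b"\xbb" * 8,
         "sai_b": b"constructed-SA-body", "idii_b": fqdn_id_body(initiator_name)}
    sent = hash_i(initiator_psk, x)                  # initiator's HASH_I
    psk = aggressive_mode_psk(src_ip, x["idii_b"])   # responder's key lookup
    return psk is not None and hmac.compare_digest(sent, hash_i(psk, x))
```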
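2. Aggressive mode configuration (R1 has a fixed IP, R3 has no fixed IP)
![Figure 1 - 8.7 IPsec scenario without a fixed IP: aggressive mode - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片4-1.png)
![Figure 2 - 8.7 IPsec scenario without a fixed IP: aggressive mode - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片5-1-1024x458.png)
1) R1 (basic configuration same as above)
#ike proposal configuration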
ike proposal 5
encryption-algorithm aes-cbc-128
#ike peer configuration
ike peer R3 v1
#aggressive mode
exchange-mode aggressive
pre-shared-key cipher huawei
ike-proposal 5
local-address 12.1.1.1
remote-address www.dsrw.com
#ipsec proposal configuration
ipsec proposal pps1
transform ah-esp
ah authentication-algorithm sha1
esp authentication-algorithm sha1
esp encryption-algorithm aes-128
#ipsec policy configuration
ipsec policy pl01 10 isakmp
security acl 3001
ike-peer R3
proposal pps1
#apply to the interface
interface GigabitEthernet0/0/0
ipsec policy pl01
2) R3 (basic configuration same as above)
#ike proposal configuration
ike proposal 5
encryption-algorithm aes-cbc-128
#ike local-name configuration
ike local-name www.dsrw.com
#ike peer configuration
ike peer R1 v1
#aggressive mode
exchange-mode aggressive
pre-shared-key cipher huawei
ike-proposal 5
local-id-type name
remote-address 12.1.1.1
#ipsec proposal configuration
ipsec proposal pps1
transform ah-esp
ah authentication-algorithm sha1
esp authentication-algorithm sha1
esp encryption-algorithm aes-128
#ipsec policy configuration
ipsec policy pl01 10 isakmp
security acl 3001
ike-peer R1
proposal pps1
#apply to the interface
interface GigabitEthernet0/0/0
ipsec policy pl01
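3. Aggressive mode configuration (neither R1 nor R3 has a fixed IP)
![Figure 3 - 8.7 IPsec scenario without a fixed IP: aggressive mode - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片6-1.png)
![Figure 4 - 8.7 IPsec scenario without a fixed IP: aggressive mode - 大赛人网](https://www.dsrw.com/wp-content/uploads/2023/09/图片7-1-1024x481.png)
1) R1 (basic configuration same as above)
#ike proposal configuration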
ike proposal 5
encryption-algorithm aes-cbc-128
#ike local-name configuration
ike local-name www.dsrw.cn
#ike peer configuration
ike peer R3 v1
#aggressive mode
exchange-mode aggressive
pre-shared-key cipher huawei
ike-proposal 5
local-id-type name
remote-address www.dsrw.com
#ipsec proposal configuration
ipsec proposal pps1
transform ah-esp
ah authentication-algorithm sha1
esp authentication-algorithm sha1
esp encryption-algorithm aes-128
#ipsec policy configuration
ipsec policy pl01 10 isakmp
security acl 3001
ike-peer R3
proposal pps1
#apply to the interface
interface GigabitEthernet0/0/0
ipsec policy pl01
2) R3 (basic configuration same as above)
#ike proposal configuration
ike proposal 5
encryption-algorithm aes-cbc-128
#ike local-name configuration
ike local-name www.dsrw.com
#ike peer configuration
ike peer R1 v1
#aggressive mode
exchange-mode aggressive
pre-shared-key cipher huawei
ike-proposal 5
local-id-type name
remote-address www.dsrw.cn
#ipsec proposal configuration
ipsec proposal pps1
transform ah-esp
ah authentication-algorithm sha1
esp authentication-algorithm sha1
esp encryption-algorithm aes-128
#ipsec policy configuration
ipsec policy pl01 10 isakmp
security acl 3001
ike-peer R1
proposal pps1
#apply to the interface
interface GigabitEthernet0/0/0
ipsec policy pl01