pc1 192.168.1.2/24
pc2 192.168.2.2/24
r2
r3
r1
r2
[Huawei]sysname R2
[R2]ike proposal 1
[R2-ike-proposal-1]encryption-algorithm aes-cbc-128
[R2-ike-proposal-1]authentication-algorithm sha1
[R2-ike-proposal-1]dh group1
[R2-ike-proposal-1]dh group2
[R2-ike-proposal-1]authentication-method pre-share
[R2-ike-proposal-1]sa duration ?
INTEGER<60-604800> Value of time(in seconds), default is 86400
[R2-ike-proposal-1]qu
[R2]ike proposal 2
[R2-ike-proposal-2]authentication-method pre-share
[R2-ike-proposal-2]qu
[R2]ike peer jjj
Error: This IKE peer is new, please indicate the mode to finish creating it.
[R2]ike peer jjj v1
[R2-ike-peer-jjj]pre-shared-key ?
cipher Pre-shared-key with cipher text
simple Pre-shared-key with plain text
[R2-ike-peer-jjj]pre-shared-key cipher key123
[R2-ike-peer-jjj]exchange-mode main
[R2-ike-peer-jjj]dis th
[V200R003C00]
#
ike peer jjj v1
pre-shared-key cipher %$%$CEen2)&z`/OU}T3`bc`N,.2n%$%$
#
return
[R2-ike-peer-jjj]dis th
[R2-ike-peer-jjj]remote-address 100.1.13.1
[R2-ike-peer-jjj]ike-proposal 1
[R2-ike-peer-jjj]qu
[R2]ipsec proposal jjj
[R2-ipsec-proposal-jjj]encapsulation-mode ?
transport Only the payload of IP packet is protected(transport mode)
tunnel The entire IP packet is protected(tunnel mode)
[R2-ipsec-proposal-jjj]encapsulation-mode transport
[R2-ipsec-proposal-jjj]encapsulation-mode tunnel
[R2-ipsec-proposal-jjj]esp encryption-algorithm aes-128
[R2-ipsec-proposal-jjj]esp authentication-algorithm sha1
[R2-ipsec-proposal-jjj]qu
[R2]acl 3000
[R2-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255
[R2-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168
.2.0 0.0.0.55
[R2-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168
.2.0 0.0.0.255
[R2-acl-adv-3000]qu
[R2]ipsec policy jjj 1 isakmp ?
template Use security policy template to establish the IPSec SA
<cr> Please press ENTER to execute command
[R2]ipsec policy jjj 1 isakmp
[R2-ipsec-policy-isakmp-jjj-1]proposal jjj
[R2-ipsec-policy-isakmp-jjj-1]ike-peer jjj
[R2-ipsec-policy-isakmp-jjj-1]?
ipsec-policy-isakmp interface view commands:
arp-ping ARP-ping
backup Backup information
clear Clear
dialer Dialer
display Display information
ike-peer Specify IKE peer
ipsec Specify IPSec(IP Security) configuration information
mtrace Trace route to multicast source
pfs Use perfect forward security(PFS) in IKE phase 2 negotiation
ping <Group> ping command group
proposal Config IPSec security proposal
qos QoS configuration
quit Exit from current mode and enter prior mode
reset <Group> reset command group
return Enter the privileged mode
route Route
sa Specify the parameters of security association(SA)
security Specify the packets to be protected by this policy
test-aaa Accounts test
tracert <Group> tracert command group
tunnel Specify IPSec tunnel parameters
undo Negate a command or set its defaults
[R2-ipsec-policy-isakmp-jjj-1]security acl 3000
[R2-ipsec-policy-isakmp-jjj-1]dis th
[V200R003C00]
#
ipsec policy jjj 1 isakmp
security acl 3000
ike-peer jjj
proposal jjj
#
return
[R2-ipsec-policy-isakmp-jjj-1]pfs dh-group2
[R2-ipsec-policy-isakmp-jjj-1]dis th
[V200R003C00]
#
ipsec policy jjj 1 isakmp
security acl 3000
pfs dh-group2
ike-peer jjj
proposal jjj
#
return
[R2-ipsec-policy-isakmp-jjj-1]qu
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ipsec policy jjj
r3
[Huawei-ike-proposal-1]dh group2
[Huawei-ike-proposal-1]qu
[Huawei]ike peer jjj
Error: This IKE peer is new, please indicate the mode to finish creating it.
[Huawei]ike peer jjj v1
[Huawei-ike-peer-jjj]pre-shared-key cipher key123
[Huawei-ike-peer-jjj]remote-address 100.1.12.1
[Huawei-ike-peer-jjj]ike-proposal 1
[Huawei-ike-peer-jjj]qu
[Huawei]ipsec proposal jjj
[Huawei-ipsec-proposal-jjj]encapsulation-mode transport
[Huawei-ipsec-proposal-jjj]esp authentication-algorithm sha1
[Huawei-ipsec-proposal-jjj]esp encryption-algorithm aes-128
[Huawei-ipsec-proposal-jjj]display this
[V200R003C00]
#
ipsec proposal jjj
encapsulation-mode transport
esp authentication-algorithm sha1
esp encryption-algorithm aes-128
#
return
[Huawei-ipsec-proposal-jjj]qu
[Huawei]acl 3000
[Huawei-acl-adv-3000]rule permit ip source 192.168.2.0 0.0.0.255 destination192.
168.1.0 0.0.0.255
^
Error:Too many parameters found at '^' position.
[Huawei-acl-adv-3000]qu
[Huawei]ipsec profile jjj 1 isakmp
^
Error:Too many parameters found at '^' position.
[Huawei]ipsec profile jjj 1 isakmp
^
Error:Too many parameters found at '^' position.
[Huawei]ipsec policy jjj 1 isakmp
[Huawei-ipsec-policy-isakmp-jjj-1]proposal jjj
[Huawei-ipsec-policy-isakmp-jjj-1]ike-peer jjj
[Huawei-ipsec-policy-isakmp-jjj-1]security acl 3000
[Huawei-ipsec-policy-isakmp-jjj-1]pfs dh-group2
[Huawei-ipsec-policy-isakmp-jjj-1]qu
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ipsec policy jjj
Error: The IPSec policy does not specify an acl with rule configured.
[Huawei-GigabitEthernet0/0/0]ipsec policy jjj
Error: The IPSec policy does not specify an acl with rule configured.
[Huawei-GigabitEthernet0/0/0]dis this
[Huawei-GigabitEthernet0/0/0]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/0
ip address 100.1.13.1 255.255.255.0
#
return
[Huawei-GigabitEthernet0/0/0]ipsec policy jjj
Error: The IPSec policy does not specify an acl with rule configured.
[Huawei-GigabitEthernet0/0/0]qu
[Huawei]ipsec policy1
^
Error: Unrecognized command found at '^' position.
[Huawei]ipsec policy 1
^
Error:Incomplete command found at '^' position.
[Huawei]ipsec policy 1 jjj
^
Error: Wrong parameter found at '^' position.
[Huawei]ipsec policy jjj
^
Error:Incomplete command found at '^' position.
[Huawei]ike peer jjj
[Huawei-ike-peer-jjj]dis th
[V200R003C00]
#
ike peer jjj v1
pre-shared-key cipher %$%$CEen2)&z`/OU}T3`bc`N,.2n%$%$
ike-proposal 1
remote-address 100.1.12.1
#
return
[Huawei-ike-peer-jjj]qu
[Huawei]ipsec proposal jjj
[Huawei-ipsec-proposal-jjj]display th
[V200R003C00]
#
ipsec proposal jjj
encapsulation-mode transport
esp authentication-algorithm sha1
esp encryption-algorithm aes-128
#
return
[Huawei-ipsec-proposal-jjj]qu
[Huawei]acl 3000
[Huawei-acl-adv-3000]dis th
[V200R003C00]
#
acl number 3000
#
return
[Huawei-acl-adv-3000]rule permit ip source 192.168.2.0 0.0.0.255 destination 192
.168.1.0 0.0.0.255
[Huawei-acl-adv-3000]dis th
[V200R003C00]
#
acl number 3000
rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
#
return
[Huawei-acl-adv-3000]qu
[Huawei]ipsec policy jjj
^
Error:Incomplete command found at '^' position.
[Huawei]ipsec policy jjj 1 isakmp
[Huawei-ipsec-policy-isakmp-jjj-1]dis th
[V200R003C00]
#
ipsec policy jjj 1 isakmp
security acl 3000
pfs dh-group2
ike-peer jjj
proposal jjj
#
return
[Huawei-ipsec-policy-isakmp-jjj-1]qu
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ipsec policy jjj
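Added example, not part of the original session: a Python check that compares the phase 2 settings and ACL flows both peers must agree on, using the values R2's session ends on and R3's display this output. The two sample texts and the R2 rule number are constructed from this session, and treating an unset encapsulation-mode as tunnel is an assumption.

```python
import re

# Constructed samples. R2: the values its session ends on (its proposal and
# ACL are never displayed, so "rule 5" is assumed); R3: from its display output.
R2_CFG = """
ipsec proposal jjj
 esp authentication-algorithm sha1
 esp encryption-algorithm aes-128
acl number 3000
 rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
ipsec policy jjj 1 isakmp
 security acl 3000
 pfs dh-group2
"""
R3_CFG = """
ipsec proposal jjj
 encapsulation-mode transport
 esp authentication-algorithm sha1
 esp encryption-algorithm aes-128
acl number 3000
 rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
ipsec policy jjj 1 isakmp
 security acl 3000
 pfs dh-group2
"""
KEYS = ("encapsulation-mode", "esp authentication-algorithm",
        "esp encryption-algorithm", "pfs")
RULE = re.compile(r"rule \d+ permit ip source (\S+ \S+) destination (\S+ \S+)$")

def parse(cfg):
    """Collect the phase 2 settings and ACL flows from display-style text."""
    out = {"encapsulation-mode": "tunnel", "acl": []}  # assumption: unset mode = tunnel
    for line in map(str.strip, cfg.splitlines()):
        m = RULE.match(line)
        if m:
            out["acl"].append((m.group(1), m.group(2)))
        for key in KEYS:
            if line.startswith(key + " "):
                out[key] = line[len(key) + 1:]
    return out

def compare(a, b):
    """Return the settings on which the two peers disagree."""
    problems = [f"{k}: {a.get(k)} vs {b.get(k)}" for k in KEYS if a.get(k) != b.get(k)]
    # Each side's protected flow must be the other's with source and destination swapped.
    if sorted(a["acl"]) != sorted((dst, src) for src, dst in b["acl"]):
        problems.append("acl: rules are not mirror images")
    return problems

if __name__ == "__main__":
    print(compare(parse(R2_CFG), parse(R3_CFG)))
```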