第七次作业

pc1 192.168.1.2/24

 pc2 192.168.2.2/24

r2

r3

 

r1

 

r2

[Huawei]sy    
[Huawei]sysname R2
[R2]
[R2]
[R2]
[R2]
[R2]
[R2]
[R2]
[R2]ike p    
[R2]ike peer
[R2]ike proposal 1
[R2-ike-proposal-1]en    
[R2-ike-proposal-1]encryption-algorithm aes    
[R2-ike-proposal-1]encryption-algorithm aes-cbc-128
[R2-ike-proposal-1]au    
[R2-ike-proposal-1]authentication-method
[R2-ike-proposal-1]authentication-algorithm a    
[R2-ike-proposal-1]authentication-algorithm s    
[R2-ike-proposal-1]authentication-algorithm sha1
[R2-ike-proposal-1]dh    
[R2-ike-proposal-1]dh g    
[R2-ike-proposal-1]dh group1
[R2-ike-proposal-1]dh group2
[R2-ike-proposal-1]au    
[R2-ike-proposal-1]authentication-algorithm
[R2-ike-proposal-1]authentication-method p    
[R2-ike-proposal-1]authentication-method pre-share 
[R2-ike-proposal-1]sa    
[R2-ike-proposal-1]sa d    
[R2-ike-proposal-1]sa duration ?
  INTEGER<60-604800>  Value of time(in seconds), default is 86400
[R2-ike-proposal-1]sa duration     
[R2-ike-proposal-1]qu
[R2]ike    
[R2]ike p    
[R2]ike peer
[R2]ike proposal 2
[R2-ike-proposal-2]au    
[R2-ike-proposal-2]authentication-algorithm
[R2-ike-proposal-2]authentication-methodp    
[R2-ike-proposal-2]authentication-method p    
[R2-ike-proposal-2]authentication-method pre-share 
[R2-ike-proposal-2]qu
[R2]ike    
[R2]ike p    
[R2]ike peer jjj
Error: This IKE peer is new, please indicate the mode to finish creating it.
[R2]ike peer jjj v    
[R2]ike peer jjj v1
[R2-ike-peer-jjj]pre    
[R2-ike-peer-jjj]pre-shared-key ?
  cipher  Pre-shared-key with cipher text
  simple  Pre-shared-key with plain text
[R2-ike-peer-jjj]pre-shared-key c    
[R2-ike-peer-jjj]pre-shared-key cipher key123
[R2-ike-peer-jjj]ex    
[R2-ike-peer-jjj]exchange-mode ma    
[R2-ike-peer-jjj]exchange-mode main 
[R2-ike-peer-jjj]dis th
[V200R003C00]
#
ike peer jjj v1
 pre-shared-key cipher %$%$CEen2)&z`/OU}T3`bc`N,.2n%$%$
#
return
[R2-ike-peer-jjj]pe    
[R2-ike-peer-jjj]re    
[R2-ike-peer-jjj]re-authentication
[R2-ike-peer-jjj]remote-address
[R2-ike-peer-jjj]dis th    
[R2-ike-peer-jjj]re    
[R2-ike-peer-jjj]re-authentication
[R2-ike-peer-jjj]remote-address 100.1.13.1
[R2-ike-peer-jjj]ike    
[R2-ike-peer-jjj]ike-proposal 1
[R2-ike-peer-jjj]qu
[R2]ip    
[R2]ips    
[R2]ipsec por    
[R2]ipsec por
[R2]ipsec pro    
[R2]ipsec profile
[R2]ipsec proposal jjj
[R2-ipsec-proposal-jjj]en    
[R2-ipsec-proposal-jjj]encapsulation-mode ?
  transport  Only the payload of IP packet is protected(transport mode)
  tunnel     The entire IP packet is protected(tunnel mode)
[R2-ipsec-proposal-jjj]encapsulation-mode t    
[R2-ipsec-proposal-jjj]encapsulation-mode transport
[R2-ipsec-proposal-jjj]encapsulation-mode tunnel
[R2-ipsec-proposal-jjj]es    
[R2-ipsec-proposal-jjj]esp e    
[R2-ipsec-proposal-jjj]esp encryption-algorithm a    
[R2-ipsec-proposal-jjj]esp encryption-algorithm aes-128
[R2-ipsec-proposal-jjj]esp    
[R2-ipsec-proposal-jjj]esp a    
[R2-ipsec-proposal-jjj]esp authentication-algorithm sh    
[R2-ipsec-proposal-jjj]esp authentication-algorithm sha1
[R2-ipsec-proposal-jjj]qu
[R2]acr    
[R2]ac    
[R2]acl 3000
[R2-acl-adv-3000]ru    
[R2-acl-adv-3000]rule p    
[R2-acl-adv-3000]rule permit i    
[R2-acl-adv-3000]rule permit ip so    
[R2-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255de    
[R2-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255       
[R2-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 de    
[R2-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168
.2.0 0.0.0.55
[R2-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168
.2.0 0.0.0.255
[R2-acl-adv-3000]qu
[R2]ips    
[R2]ipsec po    
[R2]ipsec policy
[R2]ipsec policy jjj 1 is    
[R2]ipsec policy jjj 1 isakmp ?
  template  Use security policy template to establish the IPSec SA
  <cr>      Please press ENTER to execute command 
[R2]ipsec policy jjj 1 isakmp 
[R2-ipsec-policy-isakmp-jjj-1]pre    
[R2-ipsec-policy-isakmp-jjj-1]pro    
[R2-ipsec-policy-isakmp-jjj-1]proposal jjj
[R2-ipsec-policy-isakmp-jjj-1]ike    
[R2-ipsec-policy-isakmp-jjj-1]ike-peer jjj
[R2-ipsec-policy-isakmp-jjj-1]?
ipsec-policy-isakmp interface view commands:
  arp-ping  ARP-ping
  backup    Backup  information
  clear     Clear
  dialer    Dialer
  display   Display information
  ike-peer  Specify IKE peer
  ipsec     Specify IPSec(IP Security) configuration information
  mtrace    Trace route to multicast source
  pfs       Use perfect forward security(PFS) in IKE phase 2 negotiation
  ping      <Group> ping command group
  proposal  Config IPSec security proposal
  qos       QoS configuration
  quit      Exit from current mode and enter prior mode
  reset     <Group> reset command group
  return    Enter the privileged mode
  route     Route
  sa        Specify the parameters of security association(SA)
  security  Specify the packets to be protected by this policy
  test-aaa  Accounts test
  tracert   <Group> tracert command group
  tunnel    Specify IPSec tunnel parameters
  undo      Negate a command or set its defaults
[R2-ipsec-policy-isakmp-jjj-1]se    
[R2-ipsec-policy-isakmp-jjj-1]security a    
[R2-ipsec-policy-isakmp-jjj-1]security acl 3000
[R2-ipsec-policy-isakmp-jjj-1]dis th
[V200R003C00]
#
ipsec policy jjj 1 isakmp
 security acl 3000
 ike-peer jjj
 proposal jjj
#
return
[R2-ipsec-policy-isakmp-jjj-1]pfs    
[R2-ipsec-policy-isakmp-jjj-1]pfs dg    
[R2-ipsec-policy-isakmp-jjj-1]pfs dh    
[R2-ipsec-policy-isakmp-jjj-1]pfs dh-group2
[R2-ipsec-policy-isakmp-jjj-1]dis th
[V200R003C00]
#
ipsec policy jjj 1 isakmp
 security acl 3000
 pfs dh-group2
 ike-peer jjj
 proposal jjj
#
return
[R2-ipsec-policy-isakmp-jjj-1]qu
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip    
[R2-GigabitEthernet0/0/0]ipsec
[R2-GigabitEthernet0/0/0]ipv6
[R2-GigabitEthernet0/0/0]ipse    
[R2-GigabitEthernet0/0/0]ipsec po    
[R2-GigabitEthernet0/0/0]ipsec policy jjj
 

r3

Huawei-ike-proposal-1]dh g    
[Huawei-ike-proposal-1]dh group2
[Huawei-ike-proposal-1]qu
[Huawei]ikepe    
[Huawei]ike pe    
[Huawei]ike peer jjj
Error: This IKE peer is new, please indicate the mode to finish creating it.
[Huawei]ike peer jjj v1
[Huawei-ike-peer-jjj]pre    
[Huawei-ike-peer-jjj]pre-shared-key c    
[Huawei-ike-peer-jjj]pre-shared-key cipher key123
[Huawei-ike-peer-jjj]re    
[Huawei-ike-peer-jjj]re-authentication
[Huawei-ike-peer-jjj]remote-address 100.1.12.1
[Huawei-ike-peer-jjj]ike    
[Huawei-ike-peer-jjj]ike-proposal 1
[Huawei-ike-peer-jjj]qu
[Huawei]ips    
[Huawei]ipsec p    
[Huawei]ipsec policy
[Huawei]ipsec pro    
[Huawei]ipsec profile
[Huawei]ipsec proposal jjj
[Huawei-ipsec-proposal-jjj]en    
[Huawei-ipsec-proposal-jjj]encapsulation-mode t    
[Huawei-ipsec-proposal-jjj]encapsulation-mode transport
[Huawei-ipsec-proposal-jjj]e    
[Huawei-ipsec-proposal-jjj]e    
[Huawei-ipsec-proposal-jjj]encapsulation-mode
[Huawei-ipsec-proposal-jjj]esp au    
[Huawei-ipsec-proposal-jjj]esp authentication-algorithm s    
[Huawei-ipsec-proposal-jjj]esp authentication-algorithm sha1
[Huawei-ipsec-proposal-jjj]es    
[Huawei-ipsec-proposal-jjj]esp e    
[Huawei-ipsec-proposal-jjj]esp encryption-algorithm e    
[Huawei-ipsec-proposal-jjj]esp encryption-algorithm e
[Huawei-ipsec-proposal-jjj]esp encryption-algorithm a    
[Huawei-ipsec-proposal-jjj]esp encryption-algorithm aes-128
[Huawei-ipsec-proposal-jjj]dis    
[Huawei-ipsec-proposal-jjj]display t    
[Huawei-ipsec-proposal-jjj]display this
[V200R003C00]
#
ipsec proposal jjj
 encapsulation-mode transport
 esp authentication-algorithm sha1
 esp encryption-algorithm aes-128
#
return
[Huawei-ipsec-proposal-jjj]qu
[Huawei]acl    
[Huawei]acl 3000
[Huawei-acl-adv-3000]ru    
[Huawei-acl-adv-3000]rule p    
[Huawei-acl-adv-3000]rule permit ip    
[Huawei-acl-adv-3000]rule permit ip s    
[Huawei-acl-adv-3000]rule permit ip source 192.168.2.0 0.0.0.255 d    
[Huawei-acl-adv-3000]rule permit ip source 192.168.2.0 0.0.0.255 destination192.
168.1.0 0.0.0.255
                                                                 ^
Error:Too many parameters found at '^' position.
[Huawei-acl-adv-3000]qu
[Huawei]ip    
[Huawei]ipsec p    
[Huawei]ipsec profile jjj 1is    
[Huawei]ipsec profile jjj 1 is    
[Huawei]ipsec profile jjj 1     
[Huawei]ipsec profile jjj 1 is    
[Huawei]ipsec profile jjj 1 is
[Huawei]ipsec profile jjj 1 isa    
[Huawei]ipsec profile jjj 1 is    
[Huawei]ipsec profile jjj 1 isak    
[Huawei]ipsec profile jjj 1 isakmp
                          ^
Error:Too many parameters found at '^' position.
[Huawei]ipsec profile jjj 1 is    
[Huawei]ipsec profile jjj 1 isakmp
                          ^
Error:Too many parameters found at '^' position.
[Huawei]ip    
[Huawei]ips    
[Huawei]ipsec p    
[Huawei]ipsec policy jjj 1 i    
[Huawei]ipsec policy jjj 1 isakmp 
[Huawei-ipsec-policy-isakmp-jjj-1]ips    
[Huawei-ipsec-policy-isakmp-jjj-1]pr    
[Huawei-ipsec-policy-isakmp-jjj-1]proposal jjj
[Huawei-ipsec-policy-isakmp-jjj-1]ike    
[Huawei-ipsec-policy-isakmp-jjj-1]ike-peer jjj
[Huawei-ipsec-policy-isakmp-jjj-1]se    
[Huawei-ipsec-policy-isakmp-jjj-1]security a    
[Huawei-ipsec-policy-isakmp-jjj-1]security acl 3000
[Huawei-ipsec-policy-isakmp-jjj-1]p    
[Huawei-ipsec-policy-isakmp-jjj-1]pfs d    
[Huawei-ipsec-policy-isakmp-jjj-1]pfs dh-group2
[Huawei-ipsec-policy-isakmp-jjj-1]qu
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ips    
[Huawei-GigabitEthernet0/0/0]ipsec p    
[Huawei-GigabitEthernet0/0/0]ipsec policy jjj
Error: The IPSec policy does not specify an acl with rule configured.
[Huawei-GigabitEthernet0/0/0]ip    
[Huawei-GigabitEthernet0/0/0]ips    
[Huawei-GigabitEthernet0/0/0]ipsec p    
[Huawei-GigabitEthernet0/0/0]ipsec policy jjj
Error: The IPSec policy does not specify an acl with rule configured.
[Huawei-GigabitEthernet0/0/0]dis this    
[Huawei-GigabitEthernet0/0/0]dis this
[V200R003C00]
#
interface GigabitEthernet0/0/0
 ip address 100.1.13.1 255.255.255.0 
#
return
[Huawei-GigabitEthernet0/0/0]ipsec policy jjj
Error: The IPSec policy does not specify an acl with rule configured.
[Huawei-GigabitEthernet0/0/0]qu
[Huawei]ip    
[Huawei]ips    
[Huawei]ipsec p    
[Huawei]ipsec policy1
              ^
Error: Unrecognized command found at '^' position.
[Huawei]ipsec policy 1
                       ^
Error:Incomplete command found at '^' position.
[Huawei]ipsec policy 1 jjj
                       ^
Error: Wrong parameter found at '^' position.
[Huawei]ipsec policy  jjj
                          ^
Error:Incomplete command found at '^' position.
[Huawei]ike p    
[Huawei]ike proposal
[Huawei]ike peer jjj
[Huawei-ike-peer-jjj]dis th
[V200R003C00]
#
ike peer jjj v1
 pre-shared-key cipher %$%$CEen2)&z`/OU}T3`bc`N,.2n%$%$
 ike-proposal 1
 remote-address 100.1.12.1
#
return
[Huawei-ike-peer-jjj]qu
[Huawei]ips    
[Huawei]ipsec p    
[Huawei]ipsec policy
[Huawei]ipsec policy-template
[Huawei]ipsec profile
[Huawei]ipsec proposal jjj
[Huawei-ipsec-proposal-jjj]dis    
[Huawei-ipsec-proposal-jjj]display th
[V200R003C00]
#
ipsec proposal jjj
 encapsulation-mode transport
 esp authentication-algorithm sha1
 esp encryption-algorithm aes-128
#
return
[Huawei-ipsec-proposal-jjj]qu
[Huawei]acl    
[Huawei]acl 3000
[Huawei-acl-adv-3000]ru    
[Huawei-acl-adv-3000]rule p    
[Huawei-acl-adv-3000]dis th
[V200R003C00]
#
acl number 3000  
#
return
[Huawei-acl-adv-3000]ru    
[Huawei-acl-adv-3000]rule p    
[Huawei-acl-adv-3000]rule permit ip    
[Huawei-acl-adv-3000]rule permit ips    
[Huawei-acl-adv-3000]rule permit ip      
[Huawei-acl-adv-3000]rule permit ip s    
[Huawei-acl-adv-3000]rule permit ip source 192.168.2.0 0.0.0.255 d    
[Huawei-acl-adv-3000]rule permit ip source 192.168.2.0 0.0.0.255 destination 192
.168.1.0 0.0.0.255
[Huawei-acl-adv-3000]dis th
[V200R003C00]
#
acl number 3000  
 rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
 
#
return
[Huawei-acl-adv-3000]qu
[Huawei]ip    
[Huawei]ipsec p    
[Huawei]ipsec profile jjj    
[Huawei]ipsec profile    
[Huawei]ipsec pro    
[Huawei]ipsec profile
[Huawei]ipsec proposal
[Huawei]ipsec profile
[Huawei]ipsec proposal
[Huawei]ipsec po    
[Huawei]ipsec policy jjj
                         ^
Error:Incomplete command found at '^' position.
[Huawei]ipsec policy jjj 1 is    
[Huawei]ipsec policy jjj 1 isakmp 
[Huawei-ipsec-policy-isakmp-jjj-1]dis th
[V200R003C00]
#
ipsec policy jjj 1 isakmp
 security acl 3000
 pfs dh-group2
 ike-peer jjj
 proposal jjj
#
return
[Huawei-ipsec-policy-isakmp-jjj-1]qu
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip    
[Huawei-GigabitEthernet0/0/0]ips    
[Huawei-GigabitEthernet0/0/0]ipsec p    
[Huawei-GigabitEthernet0/0/0]ipsec policy jjj
 

 

 

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值