一、
组网需求:
二、组网图
SecPath1000F:Version 3.40, R1606。
三、
配置 信息
1
、SecPath1000F_1的主要配置
#
sysname BeiJing
#
firewall packet-filter enable
firewall packet-filter default permit
#
undo connection-limit enable
connection-limit default deny
connection-limit default amount upper-limit 50 lower-limit 20
#
firewall statistic system enable
#
radius scheme system
#
domain system
#
ike dpd 1 //配置ike dpd
#
ike peer 1 //配置ike peer
pre-shared-key 123
remote-address 202.38.1.2
local-address 202.38.1.1
dpd 1
#
ipsec proposal 1 //配置ipsec安全提议
transform ah-esp //配置ah-esp认证算法
undo esp authentication-algorithm
#
ipsec policy pol1 1 isakmp //配置ipsec策略
security acl 3000
ike-peer 1
proposal 1