H3C 830ipsec配置实例无固定IP

本地IP:8.8.8.8
acl advanced 3600

rule 0 permit ip source 10.2.2.0 0.0.0.3 destination 192.168.20.0 0.0.0.255
rule 5 permit ip source 10.2.2.0 0.0.0.3 destination 192.168.10.0 0.0.0.255
rule 10 permit ip source 172.2.2.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
rule 15 permit ip source 172.2.2.0 0.0.0.255 destination 192.168.10.0 0.0.0.255

ipsec transform-set abc(ipsec安全提议)
esp encryption-algorithm des-cbc
esp authentication-algorithm md5

ike proposal 3 (ike提议)
authentication-algorithm md5
encryption-algorithm des-cbc
authentication-method pre-share
dh group2

ikev2 proposal 3(ike2提议)
encryption des-cbc
integrity md5
dh group2

ike keychain abc(ike密钥)
pre-shared-key address 0.0.0.0 0.0.0.0 key simple a12345678

ikev2 keychain abc(ike2密钥)
peer 3
identity fqdn xdmy
pre-s

  • 0
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
以下是基本的H3C IPSec配置步骤: 1. 配置IKE策略 [H3C] ike proposal 1 [H3C-ike-proposal-1] encryption-algorithm aes [H3C-ike-proposal-1] authentication-algorithm sha2 [H3C-ike-proposal-1] dh group14 [H3C-ike-proposal-1] sa duration 28800 [H3C-ike-proposal-1] quit 2. 配置IPSec策略 [H3C] ipsec proposal 1 [H3C-ipsec-proposal-1] esp authentication-algorithm sha2 [H3C-ipsec-proposal-1] esp encryption-algorithm aes [H3C-ipsec-proposal-1] sa duration 28800 [H3C-ipsec-proposal-1] quit 3. 设置IKE策略和IPSec策略的预共享密钥 [H3C] ike peer VPN-Peer1 1.1.1.1 [H3C-ike-peer-VPN-Peer1] pre-shared-key simple password [H3C-ike-peer-VPN-Peer1] ike proposal 1 [H3C-ike-peer-VPN-Peer1] quit [H3C] ipsec proposal 1 [H3C-ipsec-proposal-1] transform esp [H3C-ipsec-proposal-1] quit 4. 配置IPSec VPN [H3C] ipsec policy VPN-Policy1 isakmp [H3C-ipsec-isakmp-VPN-Policy1] ike-peer VPN-Peer1 [H3C-ipsec-isakmp-VPN-Policy1] proposal 1 [H3C-ipsec-isakmp-VPN-Policy1] quit [H3C] ipsec policy VPN-Policy1 security acl 3001 [H3C-ipsec-acl-3001-VPN-Policy1] quit [H3C] interface GigabitEthernet0/0/1 [H3C-GigabitEthernet0/0/1] ip address 10.1.1.1 255.255.255.0 [H3C-GigabitEthernet0/0/1] quit [H3C] acl number 3001 [H3C-acl-basic-3001] rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 [H3C-acl-basic-3001] quit 以上是基本的H3C IPSec配置步骤,需要根据具体的场景和需求进行调整和修改。建议在实际配置前,先仔细阅读官方文档和相关资料,确保理解和掌握相关知识。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值