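IPsec headquarters-to-multipoint configuration
I have been studying for the HCNA for two months. Searching online, I only found point-to-point IPsec configurations; now that I can do point-to-multipoint myself, I am sharing the configuration I wrote along with the topology diagram. Rough outline: PC1 is on the 192.168 segment, PC2 on the 167 segment, PC3 on the 166 segment; all three obtain their addresses automatically through DHCP configured on the interface; router AR2 is configured with three interface addresses: the 10 segment, the 12 segment and the 13 segment.
Command configuration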
sysname r1
dhcp enable
acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 192.167.10.0 0.0.0.255
acl number 3001
rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.166.10.0 0.0.0.255
acl number 3002
rule 8 deny ip source 192.168.10.0 0.0.0.255 destination 192.166.10.0 0.0.0.255
rule 9 deny ip source 192.168.10.0 0.0.0.255 destination 192.167.10.0 0.0.0.255
rule 10 permit ip source 192.168.10.0 0.0.0.255
ipsec proposal 1
ike proposal 1
ike peer r2 v1
pre-shared-key simple huawei
ike-proposal 1
remote-address 12.0.0.1
ike peer r4 v1
pre-
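
A consistency check for the three ACLs above, as an added example (not part of the original configuration): it evaluates them with first-match, wildcard-mask semantics and reports any flow that an IPsec ACL selects but that ACL 3002 would also permit. It assumes ACLs 3000 and 3001 select the traffic for the two tunnels and ACL 3002 is the outbound NAT ACL applied before IPsec; the visible part of the configuration does not show where any of them is bound. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Rules copied from the configuration above:
# (rule id, action, source, source wildcard, destination, destination wildcard).
# A destination of None means the rule has no destination clause (any destination).
ACLS = {
    3000: [(5, "permit", "192.168.10.0", "0.0.0.255", "192.167.10.0", "0.0.0.255")],
    3001: [(10, "permit", "192.168.10.0", "0.0.0.255", "192.166.10.0", "0.0.0.255")],
    3002: [
        (8, "deny", "192.168.10.0", "0.0.0.255", "192.166.10.0", "0.0.0.255"),
        (9, "deny", "192.168.10.0", "0.0.0.255", "192.167.10.0", "0.0.0.255"),
        (10, "permit", "192.168.10.0", "0.0.0.255", None, None),
    ],
}

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: bits that are 0 in the wildcard must be equal."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(rules, src, dst):
    """Return the action of the first matching rule in rule-id order, or None if nothing matches."""
    for _rule_id, action, s, sw, d, dw in sorted(rules, key=lambda r: r[0]):
        if wildcard_match(src, s, sw) and (d is None or wildcard_match(dst, d, dw)):
            return action
    return None

def classify(src, dst, acls=ACLS, crypto_acls=(3000, 3001), nat_acl=3002):
    """Say which IPsec ACL selects a flow and whether the assumed NAT ACL would translate it."""
    selected = [n for n in crypto_acls if evaluate(acls[n], src, dst) == "permit"]
    natted = evaluate(acls[nat_acl], src, dst) == "permit"
    # A conflict means the flow would be translated and then no longer match its IPsec ACL.
    return {"ipsec_acl": selected, "nat": natted, "conflict": bool(selected) and natted}

if __name__ == "__main__":
    # Constructed sample flows: to each branch, and to an unrelated outside address.
    for dst in ("192.167.10.9", "192.166.10.20", "203.0.113.7"):
        print(dst, classify("192.168.10.5", dst))
```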