本文对比了华为和华三在IPSec配置上的差异,包括固定IP主模式、不固定IP主模式、NAT穿越建立IPSec隧道和GRE Over IPSec隧道的配置步骤。详细列举了华为和华三设备的配置命令,帮助读者理解两者在实现相同功能时的不同之处。
有关IPSec VPN的原理,这里就不展开了,我们直接上图上配置
一、固定IP,主模式VPN配置
华为:
#
ike proposal 1
encryption-algorithm aes-cbc-128
authentication-algorithm aes-xcbc-mac-96
#
ike peer 1 v2
pre-shared-key cipher 12345@huawei
ike-proposal 1
local-address 12.12.12.1
remote-address 23.23.23.3
#
ipsec proposal 1
esp authentication-algorithm sha1
esp encryption-algorithm aes-128
#
acl number 3000
rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
#
ipsec policy 1 1 isakmp
security acl 3000
ike-peer 1
proposal 1
#
ip route-static 0.0.0.0 0.0.0.0 12.12.12.2
#
--------------------------------------------------------------------------------------------------------------------------
H3C:
#
ike proposal 1
encryption-algorithm aes-cbc-128
#
ike keychain 1
match local address 12.12.12.1
pre-shared-key address 23.23.23.3 255.255.255.0 key cipher $c$3$4UeEAf40bV9Vz/Ixl0Wkx2s0j1ZDIH4EY6vQAg==
#
ike profile 1
keychain 1
local-identity address 12.12.12.1
match remote identity address 23.23.23.3 255.255.255.0
proposal 1
#
ipsec transform-set 1
esp encryption-algorithm aes-cbc-128
esp authentication-algorithm aes-xcbc-mac
#
acl advanced 3000
rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
#
ipsec policy 1 1 isakmp
transform-set 1
security acl 3000
remote-address 23.23.23.3
ike-profile 1
================================================================================
二、不固定IP,主模式
----------------------------------------------------------
华为:
AR1:
ipsec proposal huawei
#
ike proposal 1
#
ike peer branch v1
pre-shared-key simple huawei
ike-proposal 1
local-address 12.12.12.1
#
ipsec policy-template branch 1
ike-peer branch
proposal huawei
#
ipsec policy-template branch 1
ike-peer branch
proposal huawei
#
ipsec policy branch_policy 1 isakmp template branch
#
interface GigabitEthernet0/0/1
ip address 12.12.12.1 255.255.255.0
ipsec policy bran
最低0.47元/天 解锁文章
4459
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
