[RTA]
[RTA]
[RTA]dis cur
#
sysname RTA
#
FTP server enable
#
l2tp domain suffix-separator @
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<<"TX$_S#6.NM(0=0\)*5WWQ=^Q`MAF4<<"TX$_S#6.N
service-type telnet terminal
level 3
service-type ftp
#
ike peer bb
pre-shared-key cc
remote-address 1.1.1.2
#
ipsec proposal aa
#
ipsec policy dd 1 isakmp
security acl 3000
ike-peer bb
proposal aa
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 202.1.1.1 255.255.255.252
#
interface Ethernet0/1
ip address 10.1.1.1 255.255.255.0
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address ppp-negotiate
#
interface Tunnel0
ip address 1.1.1.1 255.255.255.252
source 202.1.1.1
destination 202.1.1.2
ipsec policy dd
#
interface NULL0
#
acl number 3000
rule 0 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
rule 1 deny ip
#
ip route-static 0.0.0.0 0.0.0.0 202.1.1.2 preference 60
ip route-static 10.1.2.0 255.255.255.0 Tunnel 0 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
[RTB] dis cur
RTB
#
sysname RTB
#
FTP server enable
#
l2tp domain suffix-separator @
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<<"TX$_S#6.NM(0=0\)*5WWQ=^Q`MAF4<<"TX$_S#6.N
service-type telnet terminal
level 3
service-type ftp
#
ike peer bb
pre-shared-key cc
remote-address 1.1.1.1
#
ipsec proposal aa
#
ipsec policy dd 1 isakmp
security acl 3000
ike-peer bb
proposal aa
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 202.1.1.2 255.255.255.252
#
interface Ethernet0/1
ip address 10.1.2.1 255.255.255.0
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address ppp-negotiate
#
interface Tunnel0
ip address 1.1.1.2 255.255.255.252
source 202.1.1.2
destination 202.1.1.1
ipsec policy dd
#
interface NULL0
#
acl number 3000
rule 0 permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
rule 1 deny ip
#
ip route-static 0.0.0.0 0.0.0.0 202.1.1.1 preference 60
ip route-static 10.1.1.0 255.255.255.0 Tunnel 0 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
<RTB>
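Once configured, interesting traffic as defined in the ACL is needed to trigger establishment of the security association!!!!!!!!
Reposted from: https://blog.51cto.com/baozhulong/25933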
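The following is an added example, not part of the original post: a small Python check of which packets count as interesting traffic under the ACL 3000 rules shown above, and whether the two peers' ACLs mirror each other. The function names are hypothetical; it assumes rules are evaluated in the listed order with first match winning, and it ignores the protocol field because every rule here is `ip`.

```python
import ipaddress

# ACL 3000 rule lines copied from the RTA and RTB configurations above.
RTA_ACL = ("rule 0 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255\n"
           "rule 1 deny ip\n")
RTB_ACL = ("rule 0 permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255\n"
           "rule 1 deny ip\n")

ANY = (0, 0xFFFFFFFF)  # address 0.0.0.0 with wildcard 255.255.255.255


def parse_acl(text):
    """Return [(action, (src_addr, src_wild), (dst_addr, dst_wild))] in rule order."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "rule":
            continue
        ends = {"source": ANY, "destination": ANY}
        for key in ends:
            if key in tok:
                i = tok.index(key)
                ends[key] = (int(ipaddress.IPv4Address(tok[i + 1])),
                             int(ipaddress.IPv4Address(tok[i + 2])))
        rules.append((tok[2], ends["source"], ends["destination"]))
    return rules


def wild_match(ip, spec):
    """Wildcard-mask match: bits set in the wildcard are 'don't care'."""
    addr, wild = spec
    return (int(ipaddress.IPv4Address(ip)) & ~wild) == (addr & ~wild)


def triggers_sa(rules, src, dst):
    """Only a packet whose first matching rule is a permit is interesting traffic."""
    for action, s, d in rules:
        if wild_match(src, s) and wild_match(dst, d):
            return action == "permit"
    return False  # assumption: traffic matching no rule is not protected


def mirrored(a, b):
    """True when each permit on one peer has source/destination swapped on the other."""
    permits = lambda rules: {(s, d) for act, s, d in rules if act == "permit"}
    return permits(a) == {(d, s) for s, d in permits(b)}
```

Traffic from 10.1.1.0/24 to 10.1.2.0/24 is what brings the SA up from RTA; anything else falls to `rule 1 deny ip` and does not trigger negotiation.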