1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
##### Route A ###################################
interface Tunnel 0 mode gre
ip address 10.254.1.2255.255.255.252
source
2.2.2.2
destination 6.6.6.6
ipsec apply policy 3100
#
acl advanced 3100
description IPSEC OVER GRE
rule 10 permit ip
source
172.23.0.0 0.0.255.255 destination 172.21.0.0 0.0.255.255
#
ipsec transform-
set
3100
esp encryption-algorithm 3des-cbc
esp authentication-algorithm sha1
#
ipsec policy 3100 1 isakmp
transform-
set
3100
security acl 3100
ike-profile 3100
remote-address 10.254.1.1
#
ike profile 3100
keychain 3100
exchange-mode aggressive
match remote identity address 10.254.1.1 255.255.255.252
proposal 3100
#
ike proposal 3100
#
ike keychain 3100
pre-shared-key address 10.254.1.1 0.0.0.0 key simple 8D3.qCeP
#
ip route-static 172.21.0.0 16 Tunnel 0
#
security-zone name Untrust
import
interface Tunnel 0
##### Route B ###################################
interface Tunnel 0 mode gre
ip address 10.254.1.1 255.255.255.252
source
6.6.6.6
destination 2.2.2.2
ipsec apply policy 3100
#
ip route-static 172.23.0.016 Tunnel 0
#
acl advanced 3100
description IPSEC OVER GRE
rule 10 permit ip
source
172.21.0.0 0.0.255.255 destination 172.23.0.0 0.0.255.255
#
ipsec transform-
set
3100
esp encryption-algorithm 3des-cbc
esp authentication-algorithm sha1
#
ipsec policy 3100 1 isakmp
transform-
set
3100
security acl 3100
remote-address 10.254.1.2
ike-profile 3100
#
ike profile 3100
keychain 3100
exchange-mode aggressive
match remote identity address 10.254.1.2 255.255.255.252
proposal 3100
#
ike proposal 3100
#
ike keychain 3100
pre-shared-key address 10.254.1.2 0.0.0.0 key simple 8D3.qCeP
#
security-zone name Untrust
import
interface Tunnel 0
|
本文转自 nonono11 51CTO博客,原文链接:http://blog.51cto.com/abian/1974316,如需转载请自行联系原作者