Linux拨IPSec网络不通,简单的ipsec 为何不通？（附配置摘要）

R1--s1/0-------------------R2--s1/0

12.1.1.1                            12.1.1.2

各自loopback0 1.1.1.1 2.2.2.2 /24

R1：

crypto isakmp policy 1

authentication pre-share

crypto isakmp key cisco address 12.1.1.2

!

!

crypto ipsec transform-set test esp-3des esp-sha-hmac

!

crypto map 1 1 ipsec-isakmp

set peer 12.1.1.2

set transform-set test

match address 100

access-list 100 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255

R2：

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

crypto isakmp key cisco address 12.1.1.1

crypto ipsec transform-set test esp-3des esp-sha-hmac

!

crypto map 1 1 ipsec-isakmp

set peer 12.1.1.1

set transform-set test

match address 100

!

access-list 100 permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255

各自的s1/0接口调用 crypto map 1

本帖最后由 cisco-ie 于 2011-5-26 14:18 编辑

分享至：