H3C Cisco IPSec 对接
华3配置
<RouterA> system-view
[RouterA] acl advanced 3101
[RouterA-acl-ipv4-adv-3101] rule permit ip source 3.3.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
[RouterA-acl-ipv4-adv-3101] quit
[RouterA] ip route-static 3.3.3.0 255.255.255.0 12.1.1.2 # 配置到达Host B所在子网的静态路由。12.1.1.2为本例中的直连下一跳地址,实际使用中请以具体组网情况为准。
[RouterA] ipsec transform-set tran1 # 创建IPsec安全提议tran1。
[RouterA-ipsec-transform-set-tran1] encapsulation-mode tunnel # 配置安全协议对IP报文的封装形式为隧道模式。
[RouterA-ipsec-transform-set-tran1] protocol esp # 配置采用的安全协议为ESP。
[RouterA-ipsec-transform-set-tran1] esp encryption-algorithm 3des-cbc # 配置ESP协议采用的加密算法为3des-cbc ,认证算法为md5 。
[RouterA-ipsec-transform-set-tran1] esp authentication-algorithm md5
[RouterA-ipsec-transform-set-tran1] pfs dh-group2
[RouterA-ipsec-transform-set-tran1] quit
[RouterA] ike keychain keychain1 # 创建并配置IKE keychainÿ