Lab topology:
Requirement:
PC1 and PC2 communicate with each other over IPsec.
Configuration:
R1:
sysname r1
#
acl number 3000
 rule 1 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
#
ipsec proposal yyy
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
#
ike proposal 1
 encryption-algorithm aes-cbc-128
 dh group5
 authentication-algorithm md5
 sa duration 3600
#
ike peer yyy v1
 pre-shared-key simple 123
 ike-proposal 1
 remote-address 200.1.1.1
#
ipsec policy yyy 1 isakmp
 security acl 3000
 ike-peer yyy
 proposal yyy
#
interface GigabitEthernet0/0/0
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 100.1.1.1 255.255.255.0
 ipsec policy yyy
#
ip route-static 0.0.0.0 0.0.0.0 100.1.1.2
R3:
#
sysname r3
#
acl number 3000
 rule 1 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
#
ipsec proposal yyy
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
#
ike proposal 1
 encryption-algorithm aes-cbc-128
 dh group5
 authentication-algorithm md5
 sa duration 3600
#
ike peer yyy v1
 pre-shared-key simple 123
 ike-proposal 1
 remote-address 100.1.1.1
#
ipsec policy yyy 1 isakmp
 security acl 3000
 ike-peer yyy
 proposal yyy
#
interface GigabitEthernet0/0/0
 ip address 200.1.1.1 255.255.255.0
 ipsec policy yyy
#
interface GigabitEthernet0/0/1
 ip address 192.168.2.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 200.1.1.2
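Added example, not part of the original lab: a Python check that the two ends agree where they must (mirrored ACLs, each remote-address pointing at the peer's IPsec-enabled interface, same pre-shared key, same IKE/IPsec algorithms). The function names `mirror`, `facts` and `check_pair` are this example's own, and the R3 text is generated by swapping the two sites' addresses in the R1 excerpt.

```python
import re

# Relevant lines of the R1 configuration above; R3 is constructed from it below.
R1 = """acl number 3000
 rule 1 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
#
ipsec proposal yyy
 esp authentication-algorithm sha1
 esp encryption-algorithm 3des
#
ike proposal 1
 encryption-algorithm aes-cbc-128
 dh group5
 authentication-algorithm md5
#
ike peer yyy v1
 pre-shared-key simple 123
 remote-address 200.1.1.1
#
interface GigabitEthernet0/0/1
 ip address 100.1.1.1 255.255.255.0
 ipsec policy yyy"""

def mirror(cfg):
    """Build the peer's view by swapping the two sites' addresses (constructed)."""
    swap = {"192.168.1.0": "192.168.2.0", "192.168.2.0": "192.168.1.0",
            "100.1.1.1": "200.1.1.1", "200.1.1.1": "100.1.1.1"}
    return re.sub("|".join(map(re.escape, swap)), lambda m: swap[m.group()], cfg)
R3 = mirror(R1)

def facts(cfg):
    """Pull out the values the two ends must agree on."""
    def one(pattern):
        return re.search(pattern, cfg).groups()
    return {"acl": one(r"permit ip source (\S+ \S+) destination (\S+ \S+)"),
            "local": one(r"ip address (\S+) \S+\n *ipsec policy")[0],
            "remote": one(r"remote-address (\S+)")[0],
            "psk": one(r"pre-shared-key \S+ (\S+)")[0],
            "algs": sorted(re.findall(r"^ *(?:(?:esp )?\w+-algorithm|dh) \S+", cfg, re.M))}

def check_pair(cfg_a, cfg_b):
    """List the mismatches between two peers' configurations."""
    a, b = facts(cfg_a), facts(cfg_b)
    checks = [(a["acl"] == b["acl"][::-1], "ACLs are not mirror images"),
              (a["remote"] == b["local"] and b["remote"] == a["local"],
               "remote-address is not the peer's IPsec interface"),
              (a["psk"] == b["psk"], "pre-shared keys differ"),
              (a["algs"] == b["algs"], "IKE/IPsec proposal algorithms differ")]
    return [msg for ok, msg in checks if not ok]
```

`check_pair(R1, R3)` returns an empty list for the pair above; changing one side's algorithm, key, ACL or remote-address makes the corresponding message appear.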
Lab results: