The lab topology is as follows:
IPSec is configured between FW1 and FW2, using ah-esp for authentication and encryption.
Key configuration on FW1:
acl number 3000
 rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 10.0.0.0 0.0.0.255
#
ipsec proposal xk
 transform ah-esp
 ah authentication-algorithm sha2-256
 esp authentication-algorithm sha2-256
 esp encryption-algorithm aes-256
#
ipsec policy map1 10 manual
 security acl 3000
 proposal xk
 tunnel local 1.1.1.1
 tunnel remote 1.1.1.2
 sa spi inbound ah 678
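
The policy only protects traffic selected by `security acl 3000`, so it is worth checking which flows rule 10 actually matches. The following Python sketch is an added example, not part of the original configuration; it evaluates the rule's wildcard masks against a few constructed sample flows (the helper names and the sample addresses are assumptions).

```python
import ipaddress
import re

# Rule text copied from ACL 3000 in the FW1 configuration above.
RULE = "rule 10 permit ip source 192.168.1.0 0.0.0.255 destination 10.0.0.0 0.0.0.255"

def parse_rule(line):
    """Return (action, src_base, src_wildcard, dst_base, dst_wildcard) with addresses as ints."""
    m = re.fullmatch(
        r"rule \d+ (permit|deny) ip source (\S+) (\S+) destination (\S+) (\S+)",
        line.strip(),
    )
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    nums = [int(ipaddress.IPv4Address(g)) for g in m.groups()[1:]]
    return (m.group(1), *nums)

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def is_protected(src, dst, rule=RULE):
    """True if a src->dst packet leaving FW1 is selected for IPSec by the rule."""
    action, s_base, s_wc, d_base, d_wc = parse_rule(rule)
    hit = wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc)
    return hit and action == "permit"

# Constructed sample flows (hypothetical hosts, not taken from the lab).
SAMPLE_FLOWS = [
    ("192.168.1.10", "10.0.0.20"),   # inside both /24 ranges
    ("192.168.1.10", "10.0.1.20"),   # destination outside 10.0.0.0/24
    ("192.168.2.10", "10.0.0.20"),   # source outside 192.168.1.0/24
    ("10.0.0.20", "192.168.1.10"),   # reverse direction, not matched by this rule
]

def classify(flows=SAMPLE_FLOWS):
    """Label each flow as selected for the tunnel or not."""
    return [(s, d, "ipsec" if is_protected(s, d) else "not selected") for s, d in flows]

if __name__ == "__main__":
    for src, dst, verdict in classify():
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

Flows reported as "not selected" are not handled by policy map1; whether they are forwarded unprotected or dropped depends on the rest of the firewall configuration, which the page does not show.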