亚洲综合日韩在线不卡第一页,欧美ZOAV在线不卡,午夜AV

一、H3C Router配置：
system-view//進(jìn)入配置模式
[H3CRouter]local-user admin//添加本地用戶(hù)
[H3CRouter-luser-cisco]password simple admin//為添加的用戶(hù)設(shè)置密碼
[H3CRouter-luser-cisco]service-type web//開(kāi)啟網(wǎng)頁(yè)配置功能
[H3CRouter-luser-cisco]quit
[H3CRouter]Ethernetinterface Ethernet 0/0//進(jìn)入接口配置模式
[H3CRouter-Ethernet0/0]ip address 123.15.36.140 255.255.255.128//配置外網(wǎng)接口地址
[H3CRouter-Ethernet0/0]quit//退出接口配置模式
[H3CRouter-Ethernet0/1]ip address 172.18.253.1 255.255.255.0//配置內(nèi)外接口地址
[H3CRouter-Ethernet0/0]quit//退出接口配置模式
[H3CRouter]ip route-static 0.0.0.0 0.0.0.0 123.15.36.129//配置靜態(tài)路由
[H3CRouter]acl number 3000//創(chuàng)建訪問(wèn)控制列表
[H3CRouter-acl-3000]rule 5 permit ip source 172.18.253.0 0.0.0.255//允許內(nèi)網(wǎng)網(wǎng)段訪問(wèn)公網(wǎng)
[H3CRouter-Ethernet0/0]quit//退出接口配置模式
[H3CRouter]acl number 3001//創(chuàng)建訪問(wèn)控制列表
[H3CRouter-acl-3001]rule 0 permit ip source 172.18.253.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
rule 5 deny ip//拒絕除內(nèi)網(wǎng)網(wǎng)段以為的網(wǎng)段訪問(wèn)遠(yuǎn)端子網(wǎng)
[H3CRouter]Ethernetinterface Ethernet 0/0//進(jìn)入接口配置模式
[H3CRouter-Ethernet0/0]nat outbound 3000//在外網(wǎng)接口上啟用ACL 3000
[H3CRouter-Ethernet0/0]quit//退出接口配置模式
[H3CRouter]ike proposal 1//創(chuàng)建IKE提議，并進(jìn)入IKE提議視圖
[H3CRouter]ike peer fenzhi//創(chuàng)建一個(gè)IKE對(duì)等體，并進(jìn)入IKE-Peer視圖
[H3CRouter-ike-peer-fenzhi]exchange-mode aggressive//配置IKE第一階段的協(xié)商為野蠻模式
[H3CRouter-ike-peer-fenzhi]proposal 1//配置IKE對(duì)等體引用的IKE安全提議
[H3CRouter-ike-peer-fenzhi]pre-shared-key simple abc123//配置采用預(yù)共享密鑰認(rèn)證時(shí)，所使用的預(yù)共享密鑰
[H3CRouter-ike-peer-fenzhi]id-type name//選擇IKE第一階段的協(xié)商過(guò)程中使用ID的類(lèi)型
[H3CRouter-ike-peer-fenzhi]remote-name fenzhi//配置對(duì)端安全網(wǎng)關(guān)的名字
[H3CRouter-ike-peer-fenzhi]remote-address fenzhi dynamic//配置對(duì)端安全網(wǎng)關(guān)的IP地址
[H3CRouter-ike-peer-fenzhi]local-address 123.15.36.140//配置本端安全網(wǎng)關(guān)的IP地址
H3CRouter-ike-peer-fenzhi]local-name center//配置本端安全網(wǎng)關(guān)的名字
[H3CRouter-ike-peer-fenzhi]nat traversal//配置IKE/IPsec的NAT穿越功能
[H3CRouter-ike-peer-fenzhi]quit
[H3CRouter]ipsec transform-set fenzhi//配置IPsec安全提議fenzhi
[H3CRouter-ipsec-transform-set-tran1]encapsulation-mode tunnel//報(bào)文封裝形式采用隧道模式
[H3CRouter-ipsec-transform-set-tran1]transform esp//安全協(xié)議采用ESP協(xié)議
[H3CRouter-ipsec-transform-set-tran1]esp encryption-algorithm 3des//選擇ESP協(xié)議采用的加密算法
[H3CRouter-ipsec-transform-set-tran1]esp authentication-algorithm md5//選擇ESP協(xié)議采用的認(rèn)證算法
[H3CRouter-ipsec-transform-set-tran1]quit
[H3CRouter]ipsec policy 983040 1 isakmp//創(chuàng)建一條IPsec安全策略，協(xié)商方式為isakmp
[H3CRouter-ipsec-policy-isakmp-use1-10]security acl 3001//引用訪問(wèn)控制列表3001
[H3CRouter-ipsec-policy-isakmp-use1-10]transform-set fenzhi//引用IPsec安全提議
[H3CRouter-ipsec-policy-isakmp-use1-10]ike-peer fenzhi//引用IKE對(duì)等體
[H3CRouter-ipsec-policy-isakmp-use1-10]quit
[H3CRouter]interface ethernet 0/0//進(jìn)入外部接口
[H3CRouter-Ethernet0/1]ipsec policy 983040//在外部接口上應(yīng)用IPsec安全策略組
驗(yàn)證配置結(jié)果
[H3CRouter]display ike proposal
priority authentication authentication encryption Diffie-Hellman duration
method algorithm algorithm group(seconds)
---------------------------------------------------------------------------
10 PRE_SHARED MD5 DES_CBC MODP_768 5000
default PRE_SHARED SHA DES_CBC MODP_768 86400
[H3CRouter]display ike proposal
priority authentication authentication encryption Diffie-Hellman duration
method algorithm algorithm group(seconds)
---------------------------------------------------------------------------
default PRE_SHARED SHA DES_CBC MODP_768 86400
可通過(guò)如下顯示信息查看到IKE協(xié)商成功后生成的兩個(gè)階段的SA。
[H3CRouter]display ike sa
total phase-1 SAs:1
connection-id peer flag phase doi
----------------------------------------------------------
1 219.140.142.211 RD|ST 1 IPSEC
2 219.140.142.211 RD|ST 2 IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO—TIMEOUT RK-REKEY
IKE第二階段協(xié)商生成的IPsec SA用于保護(hù)子網(wǎng)10.1.1.0/24與子網(wǎng)10.1.2.0/24之間的數(shù)據(jù)流，可通過(guò)如下顯示信息查看。
[H3CRouter]display ipsec sa
===============================
Interface:Ethernet0/1
path MTU:1500
===============================
-----------------------------
IPsec policy name:"map1"
sequence number:10
acl version:ACL4
mode:isakmp
-----------------------------
PFS:N,DH group:none
tunnel:
local address:123.15.36.140
remote address:219.140.142.211
flow:
sour addr:172.18.253.0/255.255.255.0 port:0 protocol:IP
dest addr:192.168.2.0/255.255.255.0 port:0 protocol:IP
[inbound ESP SAs]
spi:0x3D6D3A62(1030568546)
transform:ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting:Tunnel
connection id:1
sa duration(kilobytes/sec):1843200/3600
sa remaining duration(kilobytes/sec):1843199/3590
anti-replay detection:Enabled
anti-replay window size(counter based):32
udp encapsulation used for nat traversal:N
[outbound ESP SAs]
spi:0x553FAAE(89389742)
transform:ESP-ENCRYPT-DES ESP-AUTH-SHA1
in use setting:Tunnel
connection id:2
sa duration(kilobytes/sec):1843200/3600
sa remaining duration(kilobytes/sec):1843199/3590
anti-replay detection:Enabled
anti-replay window size(counter based):32
udp encapsulation used for nat traversal:N
二、東用科技路由器IPSec VPN配置
● ORB305

● ORB301

聲明：本文內(nèi)容及配圖由入駐作者撰寫(xiě)或者入駐合作網(wǎng)站授權(quán)轉(zhuǎn)載。文章觀點(diǎn)僅代表作者本人，不代表電子發(fā)燒友網(wǎng)立場(chǎng)。文章及其配圖僅供工程師學(xué)習(xí)之用，如有內(nèi)容侵權(quán)或者其他違規(guī)問(wèn)題，請(qǐng)聯(lián)系本站處理。舉報(bào)投訴

VPN

VPN

+關(guān)注

關(guān)注
4

文章
303

瀏覽量
31630
路由器

路由器

+關(guān)注

關(guān)注
22

文章
3892

瀏覽量
118882
IPSec

IPSec

+關(guān)注

關(guān)注
0

文章
59

瀏覽量
23843

chinese直男口爆体育生外卖, 99久久er热在这里只有精品99, 又色又爽又黄18禁美女裸身无遮挡, gogogo高清免费观看日本电视,私密按摩师高清版在线,人妻视频毛茸茸,91论坛兴趣闲谈,欧美亚洲精品 8区,国产精品久久久久精品免费

搜索歷史

東用科技路由器與H3C Router構(gòu)建IPSec VPN配置指導(dǎo)手冊(cè)

評(píng)論