华为的IPsec VPN(野蛮模式)

  A端设备

  # 配置名为tran1 的IPSec 提议。

  华为的IPsec VPN(野蛮模式)

  [Eudemon A] ipsec proposal tran1

  [Eudemon A-ipsec-proposal-tran1] transform esp

  [Eudemon A-ipsec-proposal-tran1] encapsulation-mode tunnel

  [Eudemon A-ipsec-proposal-tran1] esp authentication-algorithmmd5

  [Eudemon A-ipsec-proposal-tran1] esp encryption-algorithm des

  [Eudemon A-ipsec-proposal-tran1] quit

  # 创建IKE 提议10。

  [Eudemon A] ike proposal 10

  [Eudemon A-ike-proposal-10] authentication-method pre-share

  [Eudemon A-ike-proposal-10] authentication-algorithm md5

  [Eudemon A-ike-proposal-10] sa duration 5000

  [Eudemon A-ike-proposal-10] quit

  # 进入IKE Peer 视图。

  [Eudemon A] ike local-name E100

  [Eudemon A] ike peer a

  # 引用IKE 安全提议。

  [Eudemon A-ike-peer-a] ike-proposal 10

  [Eudemon A-ike-peer-a] exchange-mode aggressive

  [Eudemon A-ike-peer-a] local-id-type name

  [Eudemon A-ike-peer-a] local-address 202.39.169.1

  [Eudemon A-ike-peer-a] local-name E100

  [Eudemon A-ike-peer-a] remote-name E200

  [Eudemon A-ike-peer-a] pre-shared-key abcde

  [Eudemon A-ike-peer-a] quit

  # 创建安全策略。

  [Eudemon A] ipsec policy map1 10 isakmp

  [Eudemon A-ipsec-policy-isakmp-map1-10] ike-peer a

  [Eudemon A-ipsec-policy-isakmp-map1-10] proposal tran1

  [Eudemon A-ipsec-policy-isakmp-map1-10] security acl 3000

  [Eudemon A-ipsec-policy-isakmp-map1-10] quit

  # 进入以太网接口视图。

  [Eudemon A] interface Ethernet 0/0/0

  [Eudemon A-Ethernet0/0/0] ipsec policy map1

  [Eudemon A-Ethernet0/0/0]quit

  B端设备(ADSL拨号)

  # 配置名为tran1 的IPSec 提议。

  [Eudemon B] ipsec proposal tran1

  [Eudemon B-ipsec-proposal-tran1] transform esp

  [Eudemon B-ipsec-proposal-tran1] encapsulation-mode tunnel

  [Eudemon B-ipsec-proposal-tran1] esp authentication-algorithmmd5

  [Eudemon B-ipsec-proposal-tran1] esp encryption-algorithm des

  [Eudemon B-ipsec-proposal-tran1] quit

  # 创建号码为10 的IKE 提议。

  [Eudemon B] ike proposal 10

  [Eudemon B-ike-proposal-10] authentication-method pre-share

  [Eudemon B-ike-proposal-10] authentication-algorithm md5

  [Eudemon B-ike-proposal-10] sa duration 5000

  [Eudemon B-ike-proposal-10] quit

  # 创建名为a 的IKE Peer。

  [Eudemon B] ike local-name E200

  [Eudemon B] ike peer a

  [Eudemon B-ike-peer-a] ike-proposal 10

  [Eudemon B-ike-peer-a] exchange-mode aggressive

  [Eudemon B-ike-peer-a] local-id-type name

  [Eudemon B-ike-peer-a] remote-address 202.39.169.1

  [Eudemon B-ike-peer-a] remote-name E100

  [Eudemon B-ike-peer-a] local-name E200

  [Eudemon B-ike-peer-a] pre-shared-key abcde

  [Eudemon B-ike-peer-a] quit

  # 创建IPSec 策略。

  [Eudemon B] ipsec policy map1 10 isakmp

  [Eudemon B-ipsec-policy-isakmp-map1-10] ike-peer a

  [Eudemon B-ipsec-policy-isakmp-map1-10] proposal tran1

  [Eudemon B-ipsec-policy-isakmp-map1-10] security acl 3000

  [Eudemon B-ipsec-policy-isakmp-map1-10] quit

  # 进入以太网接口视图。

  [Eudemon B] interface Ethernet 0/0/0

  [Eudemon B-Ethernet0/0/0] ipsec policy map1

 

上一篇:安卓防火墙 PS DroidWall

下一篇:IPsec VPN的交互模式