Cisco VPP IPSec配置

原文地址：https://blog.csdn.net/u010827484/article/details/79390258

IPSEC SA：

ipsec sa add 10 spi 1001 esp crypto-alg aes-cbc-128 crypto-key 4a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 4339314b55523947594d6d3547666b45764e6a58
ipsec sa add 20 spi 1000 esp crypto-alg aes-cbc-128 crypto-key 4a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 4339314b55523947594d6d3547666b45764e6a58
ipsec spd add 1
set interface ipsec spd GigabitEthernet2/6/0 1
ipsec policy add spd 1 priority 10 inbound action protect sa 20 local-ip-range 192.168.10.10 - 192.168.10.10 remote-ip-range 192.168.10.20 - 192.168.10.20
ipsec policy add spd 1 priority 10 outbound action protect sa 10 local-ip-range 192.168.10.10 - 192.168.10.10 remote-ip-range 192.168.10.20 - 192.168.10.20


ipsec sa add 10 spi 1000 esp crypto-alg aes-cbc-128 crypto-key 4a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 4339314b55523947594d6d3547666b45764e6a58
ipsec sa add 20 spi 1001 esp crypto-alg aes-cbc-128 crypto-key 4a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 4339314b55523947594d6d3547666b45764e6a58
ipsec spd add 1
set interface ipsec spd GigabitEthernet2/6/0 1
ipsec policy add spd 1 priority 10 inbound action protect sa 20 local-ip-range 192.168.10.20 - 192.168.10.20 remote-ip-range 192.168.10.10 - 192.168.10.10
ipsec policy add spd 1 priority 10 outbound action protect sa 10 local-ip-range 192.168.10.20 - 192.168.10.20 remote-ip-range 192.168.10.10 - 192.168.10.10


ipsec policy add spd 1 priority 100 inbound action bypass protocol 50
ipsec policy add spd 1 priority 100 outbound action bypass protocol 50