IPSec Experiment Configuration (1)

Experiment requirements

Configure PC1 and PC2 so that they can reach each other
Configure an ACL that matches packets from source 192.168.1.0 to destination 192.168.2.0 for authentication
Set the SA establishment mode to manual configuration

Experiment topology


Experiment configuration

AR1

ip route-static 12.0.0.0 255.255.255.0 11.0.0.2
ip route-static 192.168.2.0 255.255.255.0 12.0.0.2
[Huawei]acl 3001
[Huawei-acl-adv-3001]rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
[Huawei]ipsec proposal tran1
[Huawei-ipsec-proposal-tran1]esp authentication-algorithm sha1
[Huawei-ipsec-proposal-tran1]quit
[Huawei]ipsec policy P1 10 manual   //manual means the SA is configured manually
[Huawei-ipsec-policy-manual-P1-10]security acl 3001
[Huawei-ipsec-policy-manual-P1-10]proposal tran1
[Huawei-ipsec-policy-manual-P1-10]tunnel remote 12.0.0.2
[Huawei-ipsec-policy-manual-P1-10]tunnel local 11.0.0.1
[Huawei-ipsec-policy-manual-P1-10]sa spi outbound esp 54321   //key pair
[Huawei-ipsec-policy-manual-P1-10]sa spi inbound esp 12345
[Huawei-ipsec-policy-manual-P1-10]sa string-key outbound esp simple huawei  //simple means the password is stored in plaintext
[Huawei-ipsec-policy-manual-P1-10]sa string-key inbound esp simple huawei
[Huawei-ipsec-policy-manual-P1-10]quit
[Huawei]inter g0/0/1
[Huawei-GigabitEthernet0/0/1]ipsec policy P1
[Huawei-GigabitEthernet0/0/1]quit


AR3

<Huawei>u t m
<Huawei>system-view
[Huawei]inter g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 11.0.0.2 24
[Huawei-GigabitEthernet0/0/0]inter g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]ip route-static 192.168.1.0 24 11.0.0.1
[Huawei]ip route-static 192.168.2.0 24 12.0.0.2

AR2

#Configure routing reachability
<Huawei>u t m
<Huawei>system-view
[Huawei]inter g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 12.0.0.2 24
[Huawei-GigabitEthernet0/0/1]inter g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.2.254 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]ip route-static 11.0.0.0 24 12.0.0.1
[Huawei]ip route-static 192.168.1.0 24 11.0.0.1
#Configure the ACL
[Huawei]acl 3002
[Huawei-acl-adv-3002]rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
[Huawei-acl-adv-3002]quit
[Huawei]ipsec proposal tran1
[Huawei-ipsec-proposal-tran1]esp authentication-algorithm sha1
[Huawei-ipsec-proposal-tran1]quit
[Huawei]ipsec policy P1 10 manual
[Huawei-ipsec-policy-manual-P1-10]security acl 3002
[Huawei-ipsec-policy-manual-P1-10]proposal tran1
[Huawei-ipsec-policy-manual-P1-10]tunnel remote 11.0.0.1
[Huawei-ipsec-policy-manual-P1-10]tunnel local 12.0.0.2
[Huawei-ipsec-policy-manual-P1-10]sa spi outbound esp 12345
[Huawei-ipsec-policy-manual-P1-10]sa spi inbound esp 54321
[Huawei-ipsec-policy-manual-P1-10]sa string-key outbound esp simple huawei
[Huawei-ipsec-policy-manual-P1-10]sa string-key inbound esp simple huawei
[Huawei-ipsec-policy-manual-P1-10]quit
[Huawei]inter g0/0/1
[Huawei-GigabitEthernet0/0/1]ipsec policy P1
[Huawei-GigabitEthernet0/0/1]quit

[Huawei]disp ipsec policy
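With manual keying there is no IKE negotiation to catch a typo: the tunnel only comes up if AR1's outbound SPI and key equal AR2's inbound SPI and key (and vice versa), and each side's tunnel local is the other's tunnel remote. The following script is an added example written for this article, not code from the page or from Huawei. It parses the kind of "ipsec policy ... manual" CLI lines shown above (the two peer configs are embedded below as constructed sample input, copied from the AR1 and AR2 sections), checks that the two policies mirror each other, rejects SPIs in the range RFC 4303 reserves (0 to 255), and warns about keys entered with the simple keyword, which the page itself notes are stored in plaintext.

```python
"""Consistency check for a pair of Huawei VRP manual-keyed IPSec policies.

Added example for this article (not from the page or Huawei). It parses
"ipsec policy ... manual" CLI lines and verifies that the two peers are
mirror images of each other.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: the manual-policy lines of AR1 and AR2 as typed
# in the article. View prompts such as "[Huawei-ipsec-policy-manual-P1-10]"
# and trailing "//" comments are tolerated and stripped by the parser.
AR1_POLICY = """
[Huawei]ipsec policy P1 10 manual   //manual means the SA is configured manually
[Huawei-ipsec-policy-manual-P1-10]security acl 3001
[Huawei-ipsec-policy-manual-P1-10]proposal tran1
[Huawei-ipsec-policy-manual-P1-10]tunnel remote 12.0.0.2
[Huawei-ipsec-policy-manual-P1-10]tunnel local 11.0.0.1
[Huawei-ipsec-policy-manual-P1-10]sa spi outbound esp 54321
[Huawei-ipsec-policy-manual-P1-10]sa spi inbound esp 12345
[Huawei-ipsec-policy-manual-P1-10]sa string-key outbound esp simple huawei
[Huawei-ipsec-policy-manual-P1-10]sa string-key inbound esp simple huawei
"""

AR2_POLICY = """
[Huawei]ipsec policy P1 10 manual
[Huawei-ipsec-policy-manual-P1-10]security acl 3002
[Huawei-ipsec-policy-manual-P1-10]proposal tran1
[Huawei-ipsec-policy-manual-P1-10]tunnel remote 11.0.0.1
[Huawei-ipsec-policy-manual-P1-10]tunnel local 12.0.0.2
[Huawei-ipsec-policy-manual-P1-10]sa spi outbound esp 12345
[Huawei-ipsec-policy-manual-P1-10]sa spi inbound esp 54321
[Huawei-ipsec-policy-manual-P1-10]sa string-key outbound  esp simple huawei
[Huawei-ipsec-policy-manual-P1-10]sa string-key inbound esp simple huawei
"""

PROMPT_RE = re.compile(r"^[<\[][^>\]]*[>\]]")  # matches "<Huawei>" or "[Huawei-...]"


@dataclass
class ManualSA:
    """Fields of one manual IPSec policy that matter for the peer check."""
    name: str = ""
    local: str = ""
    remote: str = ""
    spi: dict = field(default_factory=dict)   # direction -> SPI (int)
    key: dict = field(default_factory=dict)   # direction -> (mode, key string)


def parse_manual_policy(text: str) -> ManualSA:
    sa = ManualSA()
    for raw in text.splitlines():
        line = PROMPT_RE.sub("", raw).split("//", 1)[0].strip()
        parts = line.split()
        if not parts:
            continue
        if parts[:2] == ["ipsec", "policy"]:
            sa.name = f"{parts[2]} {parts[3]}"
        elif parts[:2] == ["tunnel", "local"]:
            sa.local = parts[2]
        elif parts[:2] == ["tunnel", "remote"]:
            sa.remote = parts[2]
        elif parts[:2] == ["sa", "spi"]:           # sa spi <direction> esp <spi>
            sa.spi[parts[2]] = int(parts[4])
        elif parts[:2] == ["sa", "string-key"]:    # sa string-key <direction> esp <simple|cipher> <key>
            sa.key[parts[2]] = (parts[4], parts[5])
    return sa


def check_peers(a: ManualSA, b: ManualSA) -> dict:
    """Return {'errors': [...], 'warnings': [...]} for the peer pair (a, b)."""
    errors, warnings = [], []
    if a.local != b.remote or a.remote != b.local:
        errors.append(f"tunnel endpoints do not mirror: A {a.local}->{a.remote}, B {b.local}->{b.remote}")
    for here, there in (("outbound", "inbound"), ("inbound", "outbound")):
        if a.spi.get(here) != b.spi.get(there):
            errors.append(f"SPI mismatch: A {here} {a.spi.get(here)} != B {there} {b.spi.get(there)}")
        if a.key.get(here, (None, None))[1] != b.key.get(there, (None, None))[1]:
            errors.append(f"key mismatch between A {here} and B {there}")
    for label, sa in (("A", a), ("B", b)):
        for direction, spi in sa.spi.items():
            if spi < 256:  # RFC 4303 reserves SPI values 0-255
                errors.append(f"{label} {direction} SPI {spi} is in the reserved range")
        for direction, (mode, _) in sa.key.items():
            if mode == "simple":  # 'simple' keeps the key in plaintext in the configuration
                warnings.append(f"{label} {direction} key is stored in plaintext ('simple')")
    return {"errors": errors, "warnings": warnings}


if __name__ == "__main__":
    result = check_peers(parse_manual_policy(AR1_POLICY), parse_manual_policy(AR2_POLICY))
    for kind in ("errors", "warnings"):
        for msg in result[kind]:
            print(f"{kind[:-1].upper()}: {msg}")
```

Run against the article's two configs, the check reports no errors and four plaintext-key warnings; change a single SPI digit on either side and the mismatch is reported before you have to chase it with disp ipsec policy and a packet capture.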


Packet capture

The packet capture taken while PC2 pings PC1 is shown in the figure.
Before the VPN tunnel is configured, the source and destination IPs are intranet addresses, the protocol type is ICMP, and the packets can be captured.

Source: blog.csdn.net/qq_39689711/article/details/105451247