华为的IPsec ×××（野蛮模式）-白红宇

华为的IPsec ×××（野蛮模式）

阅读量：6173 次

发布时间：2019-06-21

本文共 2754 字，大约阅读时间需要 9 分钟。

A端设备

# 配置名为tran1 的IPSec 提议。

[Eudemon A] ipsec proposal tran1

[Eudemon A-ipsec-proposal-tran1] transform esp

[Eudemon A-ipsec-proposal-tran1] encapsulation-mode tunnel

[Eudemon A-ipsec-proposal-tran1] esp authentication-algorithmmd5

[Eudemon A-ipsec-proposal-tran1] esp encryption-algorithm des

[Eudemon A-ipsec-proposal-tran1] quit

# 创建IKE 提议10。

[Eudemon A] ike proposal 10

[Eudemon A-ike-proposal-10] authentication-method pre-share

[Eudemon A-ike-proposal-10] authentication-algorithm md5

[Eudemon A-ike-proposal-10] sa duration 5000

[Eudemon A-ike-proposal-10] quit

# 进入IKE Peer 视图。

[Eudemon A] ike local-name E100

[Eudemon A] ike peer a

# 引用IKE 安全提议。

[Eudemon A-ike-peer-a] ike-proposal 10

[Eudemon A-ike-peer-a] exchange-mode aggressive

[Eudemon A-ike-peer-a] local-id-type name

[Eudemon A-ike-peer-a] local-address 202.39.169.1

[Eudemon A-ike-peer-a] local-name E100

[Eudemon A-ike-peer-a] remote-name E200

[Eudemon A-ike-peer-a] pre-shared-key abcde

[Eudemon A-ike-peer-a] quit

# 创建安全策略。

[Eudemon A] ipsec policy map1 10 isakmp

[Eudemon A-ipsec-policy-isakmp-map1-10] ike-peer a

[Eudemon A-ipsec-policy-isakmp-map1-10] proposal tran1

[Eudemon A-ipsec-policy-isakmp-map1-10] security acl 3000

[Eudemon A-ipsec-policy-isakmp-map1-10] quit

# 进入以太网接口视图。

[Eudemon A] interface Ethernet 0/0/0

[Eudemon A-Ethernet0/0/0] ipsec policy map1

[Eudemon A-Ethernet0/0/0]quit

B端设备(ADSL拨号)

# 配置名为tran1 的IPSec 提议。

[Eudemon B] ipsec proposal tran1

[Eudemon B-ipsec-proposal-tran1] transform esp

[Eudemon B-ipsec-proposal-tran1] encapsulation-mode tunnel

[Eudemon B-ipsec-proposal-tran1] esp authentication-algorithmmd5

[Eudemon B-ipsec-proposal-tran1] esp encryption-algorithm des

[Eudemon B-ipsec-proposal-tran1] quit

# 创建号码为10 的IKE 提议。

[Eudemon B] ike proposal 10

[Eudemon B-ike-proposal-10] authentication-method pre-share

[Eudemon B-ike-proposal-10] authentication-algorithm md5

[Eudemon B-ike-proposal-10] sa duration 5000

[Eudemon B-ike-proposal-10] quit

# 创建名为a 的IKE Peer。

[Eudemon B] ike local-name E200

[Eudemon B] ike peer a

[Eudemon B-ike-peer-a] ike-proposal 10

[Eudemon B-ike-peer-a] exchange-mode aggressive

[Eudemon B-ike-peer-a] local-id-type name

[Eudemon B-ike-peer-a] remote-address 202.39.169.1

[Eudemon B-ike-peer-a] remote-name E100

[Eudemon B-ike-peer-a] local-name E200

[Eudemon B-ike-peer-a] pre-shared-key abcde

[Eudemon B-ike-peer-a] quit

# 创建IPSec 策略。

[Eudemon B] ipsec policy map1 10 isakmp

[Eudemon B-ipsec-policy-isakmp-map1-10] ike-peer a

[Eudemon B-ipsec-policy-isakmp-map1-10] proposal tran1

[Eudemon B-ipsec-policy-isakmp-map1-10] security acl 3000

[Eudemon B-ipsec-policy-isakmp-map1-10] quit

# 进入以太网接口视图。

[Eudemon B] interface Ethernet 0/0/0

[Eudemon B-Ethernet0/0/0] ipsec policy map1

转载于:https://blog.51cto.com/8669236/1369227

你可能感兴趣的文章

转换PHP脚本成为windows的执行程序

查看>>

Python组织文件实践：将带有美国风格日期的文件改名为欧洲风格日期

查看>>

FATAL ERROR: Could not find ./bin/my_print_defaults 解决方法

查看>>

Spring - @ControllerAdvice + @ExceptionHandler全局处理Controller层异常（转）

查看>>

JAVA中的内部类(一)

查看>>

20145337 《信息安全系统设计基础》第五周学习总结

查看>>

Android常见控件— — —ProgressBar

MySQL事务锁问题-Lock wait timeout exceeded

All roads lead to Rome, some smooth, some rough.

51 nod 1766 树上的最远点对(线段树+lca)

查看>>