
Huawei eNSP IPsec VPN lab configuration (1)
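Lab requirements
Configure routing so that PC1 and PC2 can reach each other
Configure an ACL that matches packets from source IP 192.168.1.0 to 192.168.2.0 for authentication
Configure the SA establishment mode as manual
Lab topology
Lab configuration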
AR1
ip route-static 12.0.0.0 255.255.255.0 11.0.0.2
ip route-static 192.168.2.0 255.255.255.0 12.0.0.2
[Huawei]acl 3001
[Huawei-acl-adv-3001]rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
[Huawei]ipsec proposal tran1
[Huawei-ipsec-proposal-tran1]esp authentication-algorithm sha1
[Huawei-ipsec-proposal-tran1]quit
[Huawei]ipsec policy P1 10 manual //manual means the SA is configured by hand
[Huawei-ipsec-policy-manual-P1-10]security acl 3001
[Huawei-ipsec-policy-manual-P1-10]proposal tran1
[Huawei-ipsec-policy-manual-P1-10]tunnel remote 12.0.0.2
[Huawei-ipsec-policy-manual-P1-10]tunnel local 11.0.0.1
[Huawei-ipsec-policy-manual-P1-10]sa spi outbound esp 54321 //key pair (SPI values; each must match the opposite direction on the peer)
[Huawei-ipsec-policy-manual-P1-10]sa spi inbound esp 12345
[Huawei-ipsec-policy-manual-P1-10]sa string-key outbound esp simple huawei //simple means the key is a plaintext password
[Huawei-ipsec-policy-manual-P1-10]sa string-key inbound esp simple huawei
[Huawei-ipsec-policy-manual-P1-10]quit
[Huawei]inter g0/0/1
[Huawei-GigabitEthernet0/0/1]ipsec policy P1
[Huawei-GigabitEthernet0/0/1]quit
AR3
<Huawei>u t m
<Huawei>system-view
[Huawei]inter g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 11.0.0.2 24
[Huawei-GigabitEthernet0/0/0]inter g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[Huawei-GigabitEthernet0/0/1]quit
AR2
#Configure route reachability
<Huawei>u t m
<Huawei>system-view
[Huawei]inter g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 12.0.0.2 24
[Huawei-GigabitEthernet0/0/1]inter g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 192.168.2.254 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]ip route-static 11.0.0.0 24 12.0.0.1
[Huawei]ip route-static 192.168.1.0 24 11.0.0.1
#Configure the ACL
[Huawei]acl 3002
[Huawei-acl-adv-3002]rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
[Huawei-acl-adv-3002]quit
[Huawei]ipsec proposal tran1
[Huawei-ipsec-proposal-tran1]esp authentication-algorithm sha1
[Huawei-ipsec-proposal-tran1]quit
[Huawei]ipsec policy P1 10 manual
[Huawei-ipsec-policy-manual-P1-10]security acl 3002
[Huawei-ipsec-policy-manual-P1-10]proposal tran1
[Huawei-ipsec-policy-manual-P1-10]tunnel remote 11.0.0.1
[Huawei-ipsec-policy-manual-P1-10]tunnel local 12.0.0.2
[Huawei-ipsec-policy-manual-P1-10]sa spi outbound esp 12345
[Huawei-ipsec-policy-manual-P1-10]sa spi inbound esp 54321
[Huawei-ipsec-policy-manual-P1-10]sa string-key outbound esp simple huawei
[Huawei-ipsec-policy-manual-P1-10]sa string-key inbound esp simple huawei
[Huawei-ipsec-policy-manual-P1-10]quit
[Huawei]inter g0/0/1
[Huawei-GigabitEthernet0/0/1]ipsec policy P1
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]disp ipsec policy
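With manual SAs nothing negotiates the parameters, so the AR1 and AR2 policies above only work if tunnel local/remote, SPI inbound/outbound, the string-key and the ACL source/destination mirror each other. The Python check below is an added example, not part of the original post; the names parse, check and MIRROR are assumptions made for illustration, and the sample input is constructed from the AR1 and AR2 lines on this page.

```python
import re

# Constructed sample input: the mirrored AR1 / AR2 lines from this page, prompts included.
AR1 = """\
[Huawei-acl-adv-3001]rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
[Huawei-ipsec-policy-manual-P1-10]tunnel remote 12.0.0.2
[Huawei-ipsec-policy-manual-P1-10]tunnel local 11.0.0.1
[Huawei-ipsec-policy-manual-P1-10]sa spi outbound esp 54321
[Huawei-ipsec-policy-manual-P1-10]sa spi inbound esp 12345
[Huawei-ipsec-policy-manual-P1-10]sa string-key outbound esp simple huawei //simple = plaintext
[Huawei-ipsec-policy-manual-P1-10]sa string-key inbound esp simple huawei
"""
AR2 = """\
[Huawei-acl-adv-3002]rule 5 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
[Huawei-ipsec-policy-manual-P1-10]tunnel remote 11.0.0.1
[Huawei-ipsec-policy-manual-P1-10]tunnel local 12.0.0.2
[Huawei-ipsec-policy-manual-P1-10]sa spi outbound esp 12345
[Huawei-ipsec-policy-manual-P1-10]sa spi inbound esp 54321
[Huawei-ipsec-policy-manual-P1-10]sa string-key outbound esp simple huawei
[Huawei-ipsec-policy-manual-P1-10]sa string-key inbound esp simple huawei
"""
MIRROR = (("tunnel", "local", "remote"), ("sa spi", "outbound", "inbound"), ("sa string-key", "outbound", "inbound"))

def parse(cfg):
    """Extract the fields that must mirror between two manual-SA peers."""
    p = {}
    for line in cfg.splitlines():
        line = re.sub(r"^\[[^\]]*\]", "", line.split("//")[0]).strip()  # drop prompt and //note
        if m := re.match(r"rule \d+ permit ip source (\S+ \S+) destination (\S+ \S+)", line):
            p["acl"] = (m[1], m[2])
        elif m := re.match(r"(tunnel|sa spi|sa string-key) (\w+) (?:esp )?(.+)", line):
            p[m[1], m[2]] = m[3].split()  # e.g. ("sa spi", "inbound") -> ["12345"]
    return p

def check(a, b):
    """Return findings for peers a and b; an empty list means mirrored and no plaintext key."""
    out = []
    for kind, x, y in MIRROR:
        for d, r in ((x, y), (y, x)):
            va = a.get((kind, d))  # compare the last token: address, SPI or key value
            if va is None or va[-1:] != b.get((kind, r), [])[-1:]:
                out.append(f"A '{kind} {d}' does not match B '{kind} {r}'")
    if a.get("acl") is None or a["acl"] != b.get("acl", ())[::-1]:
        out.append("ACL source/destination not mirrored")
    for n, p in (("A", a), ("B", b)):
        if any(v[0] == "simple" for k, v in p.items() if k[0] == "sa string-key"):
            out.append(f"{n}: string-key stored as 'simple' (plaintext)")
    return out

print(check(parse(AR1), parse(AR2)))
```

For the configuration on this page the only findings are the two plaintext string-key entries; changing one SPI on either side adds a mismatch finding.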
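Packet capture
The capture of the packets for a ping from PC2 to PC1 is shown in the figure
Before the VPN tunnel is configured, the source and destination IPs are the internal network IPs and the protocol type is ICMP, so the capture can read them,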