650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M02/8C/A9/wKioL1h0PzPDjoK3AADDHMrk6LE174.jpg-wh_500x0-wm_ 3-wmp_4-s_3945919859.jpg "title=" 1234.jpg "alt=" Wkiol1h0pzpdjok3aaddhmrk6le174.jpg-wh_50 "/>
Objective: To establish an IPSec tunnel with 200.1.1.2.100.1.1.1.
Two: Configure basic commands
1 Configuration ACL :
[Msr_1]acl Advanced 3000
[Msr_1-acl-ipv4-adv-3000]rule permit IP source 192.168.0.1 0 destination 10.0.0.1 0
2 Create IPsec Security Proposals
[Msr_1]ipsec Transform-set Tran
[Msr_1-ipsec-transform-set-tran]encapsulation-mode Tunnel
[Msr_1-ipsec-transform-set-tran]protocol ESP
[Msr_1-ipsec-transform-set-tran]esp encryption-algorithm aes-cbc-128
[Msr_1-ipsec-transform-set-tran]esp Authentication-algorithm SHA1
3 Create IKE Keychain
[Msr_1]ike Keychain Test
[Msr_1-ike-keychain-test]pre-shared-key address 200.1.1.2 255.255.255.0 key Simple 123456
4 Creating an IKE proposal
[Msr_1]ike Proposal 100
[Msr_1-ike-proposal-100]encryption-algorithm 3DES-CBC
[Msr_1-ike-proposal-100]authentication-method Pre-share
[Msr_1-ike-proposal-100]authentication-algorithm MD5
[Msr_1-ike-proposal-100]dh group1
5 Create IKE Profile
[Msr_1]ike Profile Profile1
[Msr_1-ike-profile-profile1]keychain Test
[Msr_1-ike-profile-profile1]local-identity Address 100.1.1.1
[Msr_1-ike-profile-profile1]match Remote Identity address 200.1.1.2 255.255.255.0
[Msr_1-ike-profile-profile1]proposal 100
6 Create a IKE the way of negotiation IPsec Security Policy
[Msr_1]ipsec Policy Test ISAKMP
[Msr_1-ipsec-policy-isakmp-test-10]remote-address 200.1.1.2
[Msr_1-ipsec-policy-isakmp-test-10]security ACL 3000
[Msr_1-ipsec-policy-isakmp-test-10]transform-set Tran
[Msr_1-ipsec-policy-isakmp-test-10]ike-profile Profile1
7 Interface Applications:
[Msr_1]int g0/0
[Msr_1-gigabitethernet0/0]ipsec Apply Policy test
The other end of the device mirroring configuration can be.
Three: Grab the bag:
650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/8C/AD/wKiom1h0P9fSI1KbAALrSOzslpU127.jpg-wh_500x0-wm_ 3-wmp_4-s_3461342299.jpg "title=" 1234.jpg "alt=" Wkiom1h0p9fsi1kbaalrsozslpu127.jpg-wh_50 "/>
ESP packet: 650) this.width=650; "Src=" Https://s5.51cto.com/wyfs02/M01/8C/A9/wKioL1h0QB7T1eL5AACawxg_7bo028.jpg-wh_ 500x0-wm_3-wmp_4-s_956322374.jpg "title=" 1234.jpg "alt=" Wkiol1h0qb7t1el5aacawxg_7bo028.jpg-wh_50 "/>
This article is from the "9146252" blog, please be sure to keep this source http://9156252.blog.51cto.com/9146252/1890627
H3C V7 Ispec most basic configuration