IPsec VPN in Detail: Dynamic Address


II. Dynamic Address VPN Setup



1. Networking Requirements

(1) The branch LAN accesses the corporate intranet over a private line. The Serial2/0 interface of Router A has a fixed IP address, and Router B obtains its IP address dynamically.

(2) The IP address automatically obtained by the branch office is a private IP address, and the IP address of the Serial2/0 interface of Router A is a public address, so the NAT traversal feature is required on Router B.

(3) To ensure information security, IPsec/IKE is used to create a secure tunnel.

2. Configuration Steps

(1) Configure Router A

# Configure the name of the local security gateway device.

<RouterA> system-view

[RouterA] ike local-name RouterA

# Configure the ACL.

[RouterA] acl number 3101 match-order auto

[RouterA-acl-adv-3101] rule permit ip source any destination any // allow all traffic to pass

[RouterA-acl-adv-3101] quit

# Configure the address pool.

[RouterA] ip pool 1 10.0.0.2 10.0.0.10

# Configure the IKE peer named peer.

[RouterA] ike peer peer

[RouterA-ike-peer-peer] exchange-mode aggressive // negotiate in aggressive mode

[RouterA-ike-peer-peer] pre-shared-key ABC // configure the pre-shared key; it must be the same as on the peer

[RouterA-ike-peer-peer] id-type name // identify the peers by name during negotiation

[RouterA-ike-peer-peer] remote-name RouterB // configure the name of the peer

[RouterA-ike-peer-peer] quit

# Create the IPsec security proposal prop.

[RouterA] ipsec proposal prop

[RouterA-ipsec-proposal-prop] encapsulation-mode tunnel // tunnel mode

[RouterA-ipsec-proposal-prop] transform esp // ESP security protocol

[RouterA-ipsec-proposal-prop] esp encryption-algorithm des // encryption algorithm

[RouterA-ipsec-proposal-prop] esp authentication-algorithm sha1 // authentication algorithm

[RouterA-ipsec-proposal-prop] quit

# Create the security policy named policy and specify that SAs are established through IKE negotiation.

[RouterA] ipsec policy policy 10 isakmp

# Configure the security policy to reference the IKE peer named peer.

[RouterA-ipsec-policy-isakmp-policy-10] ike-peer peer

# Configure the security policy to reference access control list 3101.

[RouterA-ipsec-policy-isakmp-policy-10] security acl 3101

# Configure the security policy to reference the IPsec security proposal prop.

[RouterA-ipsec-policy-isakmp-policy-10] proposal prop

[RouterA-ipsec-policy-isakmp-policy-10] quit

# Enter interface Serial2/0 and configure its IP address.

[RouterA] interface serial 2/0 // external network port

[RouterA-serial2/0] ip address 100.0.0.1 255.255.0.0 // public IP address

# Apply the security policy group policy to interface Serial2/0.

[RouterA-serial2/0] ipsec policy policy

[RouterA-serial2/0] remote address pool 1 // assign the peer an address from pool 1

(2) Configure Router B

# Configure the name of the local security gateway device.

<RouterB> system-view

[RouterB] ike local-name RouterB

# Configure the ACL.

[RouterB] acl number 3101 match-order auto

[RouterB-acl-adv-3101] rule permit ip source any destination any // allow all IP traffic to pass

[RouterB-acl-adv-3101] quit

# Configure the IKE peer named peer.

[RouterB] ike peer peer

[RouterB-ike-peer-peer] exchange-mode aggressive // negotiate in aggressive mode

[RouterB-ike-peer-peer] pre-shared-key ABC // configure the pre-shared key; it must be the same as on the peer

[RouterB-ike-peer-peer] id-type name // identify the peers by name during negotiation

[RouterB-ike-peer-peer] remote-name RouterA // configure the name of the peer

[RouterB-ike-peer-peer] remote-ip 10.0.0.1 // configure the IP address of the peer

[RouterB-ike-peer-peer] nat traversal // enable the NAT traversal feature

[RouterB-ike-peer-peer] quit

# Create the IPsec security proposal prop.

[RouterB] ipsec proposal prop

[RouterB-ipsec-proposal-prop] encapsulation-mode tunnel // tunnel mode

[RouterB-ipsec-proposal-prop] transform esp // ESP security protocol

[RouterB-ipsec-proposal-prop] esp encryption-algorithm des // ESP encryption algorithm is DES

[RouterB-ipsec-proposal-prop] esp authentication-algorithm sha1 // authentication algorithm

[RouterB-ipsec-proposal-prop] quit

# Create the security policy named policy and specify that SAs are established through IKE negotiation.

[RouterB] ipsec policy policy 10 isakmp

# Configure the security policy to reference the IKE peer named peer.

[RouterB-ipsec-policy-isakmp-policy-10] ike-peer peer

# Configure the security policy to reference access control list 3101.

[RouterB-ipsec-policy-isakmp-policy-10] security acl 3101

# Configure the security policy to reference the IPsec security proposal prop.

[RouterB-ipsec-policy-isakmp-policy-10] proposal prop

[RouterB-ipsec-policy-isakmp-policy-10] quit

# Enter interface Serial2/0 and configure the interface to negotiate its IP address dynamically.

[RouterB] interface serial 2/0

[RouterB-serial2/0] ip address ppp-negotiate

# Apply the security policy group policy to interface Serial2/0.

[RouterB-serial2/0] ipsec policy policy
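
Added example (not from the original article): a Python check that cross-compares the negotiation settings of the two routers configured above, since the pre-shared key, the peer names and the proposal have to agree on both ends, and that flags DES and aggressive mode for review. The sample text is constructed and condensed from the commands on this page; case-sensitive name matching and the REVIEW list are assumptions of this example.

```python
# Added example: cross-check the two routers' IKE/IPsec settings.
# Constructed, condensed sample input based on the commands on this page.
COMMON = """\
 exchange-mode aggressive
 pre-shared-key ABC
 id-type name
ipsec proposal prop
 encapsulation-mode tunnel
 esp encryption-algorithm des
 esp authentication-algorithm sha1
"""
ROUTER_A = "ike local-name RouterA\nike peer peer\n remote-name RouterB\n" + COMMON
ROUTER_B = ("ike local-name RouterB\nike peer peer\n remote-name RouterA\n"
            " nat traversal\n" + COMMON)

# Settings this example expects to be identical on both ends.
MUST_MATCH = ("exchange-mode", "pre-shared-key", "encapsulation-mode",
              "esp encryption-algorithm", "esp authentication-algorithm")
KEYS = MUST_MATCH + ("ike local-name", "remote-name")
# Values flagged for review (hypothetical policy chosen for this example).
REVIEW = {("esp encryption-algorithm", "des"): "DES has a 56-bit key",
          ("exchange-mode", "aggressive"):
              "aggressive mode does not protect peer identities"}

def parse(cfg):
    """Map each known keyword to its value; other lines are ignored."""
    found = {}
    for line in cfg.splitlines():
        line = line.strip()
        for key in KEYS:
            if line.lower().startswith(key + " "):
                found[key] = line[len(key):].strip()
    return found

def compare(cfg_a, cfg_b):
    """Return findings: mismatches, name cross-checks, then review flags."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = [f"mismatch {k}: {a.get(k)!r} != {b.get(k)!r}"
           for k in MUST_MATCH if a.get(k) != b.get(k)]
    # Each side's remote-name must equal the other side's ike local-name.
    for here, there in ((a, b), (b, a)):
        if here.get("remote-name") != there.get("ike local-name"):
            out.append(f"remote-name {here.get('remote-name')!r} does not match "
                       f"peer local-name {there.get('ike local-name')!r}")
    out += [f"review {k} {v}: {why}" for (k, v), why in REVIEW.items()
            if a.get(k) == v or b.get(k) == v]
    return out

if __name__ == "__main__":
    for finding in compare(ROUTER_A, ROUTER_B):
        print(finding)
```

The input is prompt-free configuration text, one command per line, so a saved configuration can be pasted in place of the constructed samples.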


This article is from the "Garrett" blog; please keep this source attribution: http://garrett.blog.51cto.com/11611549/1983594
