II. Dynamic Address VPN Setup
1. Networking Requirements
(1) The branch LAN accesses the corporate intranet over a leased line. Router A's Serial2/0 interface has a fixed IP address; Router B obtains its IP address dynamically.
(2) The IP address that the branch office obtains automatically is a private IP address, and the IP address of the Serial2/0 interface of Router A is a public address, so the NAT traversal feature is required on Router B.
(3) To ensure information security, IPsec with IKE is used to create a secure tunnel.
2. Configuration Steps
(1) Configure Router A
# Configure the name of the local security gateway device.
<RouterA> system-view
[RouterA] ike local-name routera
# Configure the ACL.
[RouterA] acl number 3101 match-order auto
[RouterA-acl-adv-3101] rule permit ip source any destination any // allow all traffic to pass through
[RouterA-acl-adv-3101] quit
# Configure the address pool.
[RouterA] ip pool 1 10.0.0.2 10.0.0.10
# Configure the IKE peer named peer.
[RouterA] ike peer peer
[RouterA-ike-peer-peer] exchange-mode aggressive // negotiate in aggressive mode
[RouterA-ike-peer-peer] pre-shared-key ABC // pre-shared key; it must be identical on the peer
[RouterA-ike-peer-peer] id-type name // use the name as the ID type during negotiation
[RouterA-ike-peer-peer] remote-name routerb // name of the remote peer
[RouterA-ike-peer-peer] quit
# Create the IPsec security proposal prop.
[RouterA] ipsec proposal prop
[RouterA-ipsec-proposal-prop] encapsulation-mode tunnel // tunnel mode
[RouterA-ipsec-proposal-prop] transform esp // ESP security protocol
[RouterA-ipsec-proposal-prop] esp encryption-algorithm des // encryption algorithm
[RouterA-ipsec-proposal-prop] esp authentication-algorithm sha1 // authentication algorithm
[RouterA-ipsec-proposal-prop] quit
# Create the security policy named policy and specify that SAs are established through IKE negotiation.
[RouterA] ipsec policy policy 10 isakmp
# Configure the security policy to reference the IKE peer named peer.
[RouterA-ipsec-policy-isakmp-policy-10] ike-peer peer
# Configure the security policy to reference access control list 3101.
[RouterA-ipsec-policy-isakmp-policy-10] security acl 3101
# Configure the security policy to reference the IPsec security proposal prop.
[RouterA-ipsec-policy-isakmp-policy-10] proposal prop
[RouterA-ipsec-policy-isakmp-policy-10] quit
# Enter serial interface Serial2/0 and configure the IP address.
[RouterA] interface serial 2/0 // external network port
[RouterA-Serial2/0] ip address 100.0.0.1 255.255.0.0 // external network IP
# Apply the security policy group policy to serial interface Serial2/0.
[RouterA-Serial2/0] ipsec policy policy
[RouterA-Serial2/0] remote address pool 1 // assign the peer an address from pool 1
(2) Configure Router B
# Configure the name of the local security gateway device.
<RouterB> system-view
[RouterB] ike local-name routerb
# Configure the ACL.
[RouterB] acl number 3101 match-order auto
[RouterB-acl-adv-3101] rule permit ip source any destination any // allow all IP traffic to pass
[RouterB-acl-adv-3101] quit
# Configure the IKE peer named peer.
[RouterB] ike peer peer
[RouterB-ike-peer-peer] exchange-mode aggressive // negotiate in aggressive mode
[RouterB-ike-peer-peer] pre-shared-key ABC // pre-shared key; it must be identical on the peer
[RouterB-ike-peer-peer] id-type name // use the name as the ID type during negotiation
[RouterB-ike-peer-peer] remote-name routera // name of the remote peer
[RouterB-ike-peer-peer] remote-ip 10.0.0.1 // IP address of the remote peer
[RouterB-ike-peer-peer] nat traversal // enable the NAT traversal feature
[RouterB-ike-peer-peer] quit
# Create the IPsec security proposal prop.
[RouterB] ipsec proposal prop
[RouterB-ipsec-proposal-prop] encapsulation-mode tunnel // tunnel mode
[RouterB-ipsec-proposal-prop] transform esp // ESP security protocol
[RouterB-ipsec-proposal-prop] esp encryption-algorithm des // ESP encryption uses DES
[RouterB-ipsec-proposal-prop] esp authentication-algorithm sha1 // authentication algorithm
[RouterB-ipsec-proposal-prop] quit
# Create the security policy named policy and specify that SAs are established through IKE negotiation.
[RouterB] ipsec policy policy 10 isakmp
# Configure the security policy to reference the IKE peer named peer.
[RouterB-ipsec-policy-isakmp-policy-10] ike-peer peer
# Configure the security policy to reference access control list 3101.
[RouterB-ipsec-policy-isakmp-policy-10] security acl 3101
# Configure the security policy to reference the IPsec security proposal prop.
[RouterB-ipsec-policy-isakmp-policy-10] proposal prop
[RouterB-ipsec-policy-isakmp-policy-10] quit
# Enter serial interface Serial2/0 and configure the interface to negotiate its IP address dynamically.
[RouterB] interface serial 2/0
[RouterB-Serial2/0] ip address ppp-negotiate
# Apply the security policy group policy to serial interface Serial2/0.
[RouterB-Serial2/0] ipsec policy policy
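The settings that must agree on both routers (pre-shared key, exchange mode, proposal, and each side's remote-name against the other side's local name) can be checked before the tunnel is brought up. The following Python check is an added example, not part of the original article or of any vendor tool; the function names, the rule set and the 20-character key threshold are assumptions. It also flags the two settings in this configuration that weaken the tunnel: single DES and aggressive mode with a short pre-shared key.

```python
# Added example. Settings transcribed from the two configurations above,
# prompts removed; the audit rules and MIN_PSK_LEN are assumptions.
ROUTER_A = """
ike local-name routera
exchange-mode aggressive
pre-shared-key ABC
id-type name
remote-name routerb
encapsulation-mode tunnel
transform esp
esp encryption-algorithm des
esp authentication-algorithm sha1
"""
# For the settings audited here, Router B differs only in the swapped names.
ROUTER_B = (ROUTER_A.replace("local-name routera", "local-name routerb")
            .replace("remote-name routerb", "remote-name routera") + "nat traversal\n")
MUST_MATCH = ["exchange-mode", "pre-shared-key", "id-type", "encapsulation-mode",
              "transform", "esp encryption-algorithm", "esp authentication-algorithm"]
KEYS = MUST_MATCH + ["ike local-name", "remote-name"]
MIN_PSK_LEN = 20  # assumed minimum length for a key used in aggressive mode

def parse(cfg):
    """Return {keyword: value} for the IKE/IPsec settings found in cfg."""
    out = {}
    for line in cfg.splitlines():
        line = line.split("//")[0].strip()      # drop inline annotations
        for key in KEYS:
            if line.startswith(key + " "):
                out[key] = line[len(key):].strip()
    return out

def audit(cfg_a, cfg_b):
    a, b = parse(cfg_a), parse(cfg_b)
    findings = [f"mismatch: {k}: {a.get(k)!r} vs {b.get(k)!r}"
                for k in MUST_MATCH if a.get(k) != b.get(k)]
    for me, other, tag in ((a, b, "A"), (b, a, "B")):
        # remote-name must equal the other side's local name, case included.
        if me.get("remote-name") != other.get("ike local-name"):
            findings.append(f"mismatch: Router {tag} remote-name")
        if me.get("esp encryption-algorithm") == "des":
            findings.append(f"weak: Router {tag} uses single DES (56-bit key)")
        # Aggressive mode sends a hash derived from the pre-shared key in the
        # clear, so a short key can be guessed offline from a captured exchange.
        if me.get("exchange-mode") == "aggressive" and len(me.get("pre-shared-key", "")) < MIN_PSK_LEN:
            findings.append(f"weak: Router {tag} aggressive mode with short pre-shared key")
    return findings

print("\n".join(audit(ROUTER_A, ROUTER_B)))
```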
This article is from the "Garrett" blog; please keep this source attribution: http://garrett.blog.51cto.com/11611549/1983594
IPsec VPN in Detail -- Dynamic Address