华为ipscevpn配置

胡振宇 · 发表于 2015-11-19 14:05:12

配置RouterA

#
acl number 3101  //配置ACL
rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
#
ipsec proposal tran1  //配置IPSec安全提议
esp authentication-algorithm sha2-256
#
ike proposal 1  //配置IPSec IKE提议
encryption-algorithm aes-cbc-128
authentication-algorithm sha2-256
#
ike local-name huawei01
#
ike peer spub v1  //配置IKE Peer
exchange-mode aggressive
pre-shared-key cipher %@%@:A(|N&D21)L2L0Z2WlVE9.-u%@%@  //配置预共享密钥认证字为“huawei”，以密文显示，该命令在V2R3C00以前的版本中为“pre-shared-key huawei”，以明文显示
ike-proposal 1
local-id-type name
remote-name huawei02
local-address 202.138.163.1
remote-address 202.138.162.1
#
ipsec policy map1 10 isakmp  //配置IPSec策略
security acl 3101
ike-peer spub
proposal tran1
#
ip route-static 10.1.2.0 255.255.255.0 202.138.163.2
ip route-static 202.138.162.0 255.255.255.0 202.138.163.2
#
interface Ethernet1/0/0  //配置外网接口
ip address 202.138.163.1 255.255.255.0
ipsec policy map1
#
interface Ethernet2/0/0  //配置私网接口
ip address 10.1.1.1 255.255.255.0
#
return
配置RouterB

#
acl number 3101  //配置ACL
  rule 5 permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
#
ipsec proposal tran1  //配置IPSec安全提议
esp authentication-algorithm sha2-256
#
ike proposal 1  //配置IKE提议
encryption-algorithm aes-cbc-128
authentication-algorithm sha2-256
#
ike local-name huawei02
#
ike peer spua v1  //配置IKE Peer
exchange-mode aggressive
pre-shared-key cipher %@%@$[#m$/7qa7Vn`H6SF1jQdbCM%@%@  //配置预共享密钥认证字为“huawei”，以密文显示，该命令在V2R3C00以前的版本中为“pre-shared-key huawei”，以明文显示
ike-proposal 1
local-id-type name
remote-name huawei01
local-address 202.138.162.1
remote-address 202.138.163.1
#
ipsec policy use1 10 isakmp  //配置IPSec策略
security acl 3101
ike-peer spua
proposal tran1
#
ip route-static 10.1.1.0 255.255.255.0 202.138.162.2
ip route-static 202.138.163.0 255.255.255.0 202.138.162.2
#
interface Ethernet1/0/0  //配置外网接口
ip address 202.138.162.1 255.255.255.0
ipsec policy use1
#
interface Ethernet2/0/0  //配置私网接口
ip address 10.1.2.1 255.255.255.0
#
return

		自动登录	找回密码
密码			注册通行证