[关闭]
@handbye 2017-11-23T16:49:01.000000Z 字数 1712 阅读 1490

IPSEC SA两种方式配置

vpn


IKE 协商方式建立ISPEC SA

  1. 配置IPSec安全提议。缺省参数可不配置。
  2. [FW_A] ipsec proposal tran1
  3. [FW_A-ipsec-proposal-tran1] esp authentication-algorithm sha2-256
  4. [FW_A-ipsec-proposal-tran1] esp encryption-algorithm aes-256
  5. [FW_A-ipsec-proposal-tran1] quit
  6. 配置IKE安全提议。缺省参数可不配置。
  7. [FW_A] ike proposal 10
  8. [FW_A-ike-proposal-10] authentication-method pre-share
  9. [FW_A-ike-proposal-10] prf hmac-sha2-256
  10. [FW_A-ike-proposal-10] encryption-algorithm aes-256
  11. [FW_A-ike-proposal-10] dh group2
  12. [FW_A-ike-proposal-10] integrity-algorithm hmac-sha2-256
  13. [FW_A-ike-proposal-10] quit
  14. 配置IKE peer
  15. [FW_A] ike peer b
  16. [FW_A-ike-peer-b] ike-proposal 10
  17. [FW_A-ike-peer-b] remote-address 1.1.5.1
  18. [FW_A-ike-peer-b] pre-shared-key Test!1234
  19. [FW_A-ike-peer-b] quit
  20. 配置IPSec策略。
  21. [FW_A] ipsec policy map1 10 isakmp
  22. [FW_A-ipsec-policy-isakmp-map1-10] security acl 3000
  23. [FW_A-ipsec-policy-isakmp-map1-10] proposal tran1
  24. [FW_A-ipsec-policy-isakmp-map1-10] ike-peer b
  25. [FW_A-ipsec-policy-isakmp-map1-10] quit

手工方式建立IPSEC SA

  1. 配置IPSec安全提议tran1
  2. [FW_A] ipsec proposal tran1
  3. [FW_A-ipsec-proposal-tran1] encapsulation-mode tunnel
  4. [FW_A-ipsec-proposal-tran1] transform esp
  5. [FW_A-ipsec-proposal-tran1] esp authentication-algorithm sha2-256
  6. [FW_A-ipsec-proposal-tran1] esp encryption-algorithm aes-256
  7. [FW_A-ipsec-proposal-tran1] quit
  8. 配置名称为map1,序号为10IPSec策略。
  9. [FW_A] ipsec policy map1 10 manual
  10. [FW_A-ipsec-policy-manual-map1-10] security acl 3000
  11. [FW_A-ipsec-policy-manual-map1-10] proposal tran1
  12. [FW_A-ipsec-policy-manual-map1-10] tunnel remote 1.1.5.1
  13. [FW_A-ipsec-policy-manual-map1-10] tunnel local 1.1.3.1
  14. [FW_A-ipsec-policy-manual-map1-10] sa spi inbound esp 12345678
  15. [FW_A-ipsec-policy-manual-map1-10] sa spi outbound esp 87654321
  16. [FW_A-ipsec-policy-manual-map1-10] sa string-key inbound esp abcdefg
  17. [FW_A-ipsec-policy-manual-map1-10] sa string-key outbound esp gfedcba
  18. [FW_A-ipsec-policy-manual-map1-10] quit
添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注