您的位置: 首页  >  文章  >  华为IPSEC总部对多点的配置

华为IPSEC总部对多点的配置

分类: 文章 2023-11-21 11:01:40

ipsec总部对多点配置

学了两个月的HCNA,网上搜索仅有一点对一点的ipsec配置,现在自己能做一点对多点了给大家发一下自己写的配置以及拓扑图。

华为IPSEC总部对多点的配置

命令配置

sysname r1

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

dhcp enable

acl number 3000
rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 192.167.10.0 0.0.0.2
55
acl number 3001
rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.166.10.0 0.0.0.
255
acl number 3002
rule 8 deny ip source 192.168.10.0 0.0.0.255 destination 192.166.10.0 0.0.0.255

rule 9 deny ip source 192.168.10.0 0.0.0.255 destination 192.167.10.0 0.0.0.255

rule 10 permit ip source 192.168.10.0 0.0.0.255

ipsec proposal 1

ike proposal 1

ike peer r2 v1
pre-shared-key simple huawei
ike-proposal 1
remote-address 12.0.0.1
ike peer r4 v1
pre-shared-key simple huawei
ike-proposal 1
remote-address 13.0.0.1

ipsec policy v*n 10 isakmp
security acl 3000
ike-peer r2
proposal 1
ipsec policy v*n 11 isakmp
security acl 3001
ike-peer r4
proposal 1

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%%
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 192.168.10.254 255.255.255.0
dhcp select interface

interface GigabitEthernet0/0/1
ip address 10.0.0.1 255.255.255.0
ipsec policy v*n
nat outbound 3002

interface GigabitEthernet0/0/2

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 10.0.0.2

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

sysname R2

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%%
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.0.2 255.255.255.0

interface GigabitEthernet0/0/1
ip address 12.0.0.2 255.255.255.0

interface GigabitEthernet0/0/2
ip address 13.0.0.2 255.255.255.0

interface NULL0

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

sysname R3

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

dhcp enable

acl number 3000
rule 5 permit ip source 192.167.10.0 0.0.0.255 destination 192.168.10.0 0.0.0.2
55

ipsec proposal 1

ike proposal 1

ike peer r1 v1
pre-shared-key simple huawei
ike-proposal 1
remote-address 10.0.0.1

ipsec policy v*n 10 isakmp
security acl 3000
ike-peer r1
proposal 1

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%%
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 12.0.0.1 255.255.255.0
ipsec policy v*n

interface GigabitEthernet0/0/1
ip address 192.167.10.254 255.255.255.0
dhcp select interface

interface GigabitEthernet0/0/2

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 12.0.0.2

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

sysname R4

snmp-agent local-engineid 800007DB03000000000000
snmp-agent

clock timezone China-Standard-Time minus 08:00:00

portal local-server load portalpage.zip

drop illegal-mac alarm

set cpu-usage threshold 80 restore 75

dhcp enable

acl number 3000
rule 5 permit ip source 192.166.10.0 0.0.0.255 destination 192.168.10.0 0.0.0.2
55

ipsec proposal 1

ike proposal 1

ike peer r1 v1
pre-shared-key simple huawei
ike-proposal 1
remote-address 10.0.0.1

ipsec policy v*n 11 isakmp
security acl 3000
ike-peer r1
proposal 1

aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %%K8m.Nt84DZ}e#<0`8bmE3Uw}%%
local-user admin service-type http

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 13.0.0.1 255.255.255.0
ipsec policy v*n

interface GigabitEthernet0/0/1
ip address 192.166.10.254 255.255.255.0
dhcp select interface

interface GigabitEthernet0/0/2

interface NULL0

ip route-static 0.0.0.0 0.0.0.0 13.0.0.2

user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20

wlan ac

return

相关推荐