
AR-1基础装备:
system-view //进体系视图
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR-1 //修正主机名为AR-1
[AR-1]int g0/0/0 //进接口
[AR-1-GigabitEthernet0/0/0]ip address 172.16.10.254 24 //装备IP地址和子网掩码
[AR-1-GigabitEthernet0/0/0]int g0/0/1 //切换接口
[AR-1-GigabitEthernet0/0/1]ip address 100.0.0.1 30 //装备IP地址和子网掩码
[AR-1]ip route-static 0.0.0.0 0.0.0.0 100.0.0.2 //装备静态路由
================A8站源码交易平台=========================A8站源码交易平台======
部署安全提议和对等联系
[R1]ike proposal 1 //进入安全提议视图
[R1-ike-proposal-1]encryption-algorithm 3des-cbc //装备运用的加密算法
[R1-ike-proposal-1]authentication-algorithm md5 //装备运用的认证算法
[R1-ike-proposal-1]authentication-method pre-share //装备身份验证-预同享密钥
[R1-ike-proposal-1]dh group2 //装备DH算法--确保秘钥安全的
[AR-1-ike-proposal-1]q //退到上一层,体系视图
---指定地道对端(对等体)
[R1]ike peer 200.0.0.2 v1 //树立对等体联系
[R1-ike-peer-200.0.0.2]pre-shared-key simple abc //装备身份验证口令
[R1-ike-peer-200.0.0.2]ike-proposal 1 //调用安全提议
[R1-ike-peer-200.0.0.2]remote-address 200.0.0.2 //指向详细的对等体
[R3]dis ike proposal //查看安全提议信息
装备ACL和算法即安全策略A8站源码交易平台
{装备ACL 界说对等体间需求保护的流量}
R1]acl number 3000
[R1-acl-adv-3000]rule permit ip source 172.16.10.0 0.0.0.255 destination 10.10.33.0 0.0.0.255
{装备IPSEC 安全提议(算法调集)}
[R1]ipsec proposal 1
[R1-ipsec-proposal-1]transform esp
{装备IPSEC 安全策略}
[R1]ipsec policy jiayou 1 isakmp
[R1-ipsec-policy-isakmp-jiayou-1]security acl 3000
[R1-ipsec-policy-isakmp-jiayou-1]proposal 1
[R1-ipsec-policy-isakmp-jiayou-1]ike-peer 200.0.0.2
acl保护IPSEC安全策略
{装备ACL 界说对等体间需求保护的流量}
R1]acl number 3000
[R1-acl-adv-3000]rule permit ip source 172.16.10.0 0.0.0.255 destination 10.10.33.0 0.0.0.255
[AR-1-acl-adv-3000]q //退到上一层,体系视图
{装备IPSEC 安全提议(算法调集)}
[R1]ipsec proposal 1
[R1-ipsec-proposal-1]transform esp
[AR-1-ipsec-proposal-1]q //退到上一层,体系视图
{装备IPSEC 安全策略}
[R1]ipsec policy jiayou 1 isakmp
[R1-ipsec-policy-isakmp-jiayou-1]security acl 3000
[R1-ipsec-policy-isakmp-jiayou-1]proposal 1
[R1-ipsec-policy-isakmp-jiayou-1]ike-peer 200.0.0.2
在接口运用IPSEC安全策略
[AR-1]int g0/0/1 //进入g0/0/1接口
[AR-1-GigabitEthernet0/0/1]ipsec policy jiayou //运用接口的策略
ISP-1基础装备:
system-view //进体系视图
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname ISP-1 //修正主机名为ISP-1
[ISP-1-GigabitEthernet0/0/0]ip address 100.0.0.2 30 //装备IP地址和子网掩码
[ISP-1-GigabitEthernet0/0/0]int g0/0/1 //切换接口
[ISP-1-GigabitEthernet0/0/1]ip address 200.0.0.1 30 //装备IP地址和子网掩码
AR-3根本装备
:system-view //进体系视图
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname AR-3 //修正主机名为AR-3
[AR-3]int g0/0/0 //进接口
[AR-3-GigabitEthernet0/0/0]ip address 200.0.0.2 30 //装备IP地址和子网掩码
[AR-3-GigabitEthernet0/0/0]int g0/0/1 //切换接口
[AR-3-GigabitEthernet0/0/1]ip address 10.10.33.254 24 //装备IP地址和子网掩码
[AR-3]ip route-static 0.0.0.0 0.0.0.0 200.0.0.1 //装备静态路由
部署安全提议和对等联系
[R3]ike proposal 1 //进入安全提议视图
[R3-ike-proposal-1]encryption-algorithm 3des-cbc //装备运用的加密算法
[R3-ike-proposal-1]authentication-algorithm md5 //装备运用的认证算法
[R3-ike-proposal-1]authentication-method pre-share //装备身份验证-预同享密钥
[R3-ike-proposal-1]dh group2 //装备DH算法--确保秘钥安全的
[AR-3-ike-proposal-1]q //退到上一层,体系视图
---指定地道对端(对等体)
[R3]ike peer 100.0.0.1 v1 //树立对等体联系
[R3-ike-peer-100.0.0.1]pre-shared-key simple abc //装备身份验证口令
[R3-ike-peer-100.0.0.1]ike-proposal 1 //调用安全提议
[R3-ike-peer-100.0.0.1]remote-address 100.0.0.1 //指向详细的对等体
装备ACL和算法即安全策略
{装备ACL 界说对等体间需求保护的流量}
R3]acl number 3000
[R1-acl-adv-3000]rule permit ip source 10.10.33.0 0.0.0.255 destination 172.16.10.0 0.0.0.255
[AR-3-acl-adv-3000]q //退到上一层,体系视图
{装备IPSEC 安全提议(算法调集)}
[R1]ipsec proposal 1
[R1-ipsec-proposal-1]transform esp
[AR-3-ipsec-proposal-1]q //退到上一层,体系视图
{装备IPSEC 安全策略}
[R1]ipsec policy jiayou 1 isakmp
[R1-ipsec-policy-isakmp-jiayou-1]security acl 3000
[R1-ipsec-policy-isakmp-jiayou-1]proposal 1
[R1-ipsec-policy-isakmp-jiayou-1]ike-peer 100.0.0.1
acl保护IPSEC安全策略
{在接口运用IPSEC安全策略}
[AR-3]int g0/0/0 //进入g0/0/0接口
[AR-3-GigabitEthernet0/0/0]ipsec policy jiayou //运用接口的策略
[R3]dis ike sa //查看地道树立情况
A8站源码交易平台