IPsec vpn-分部华三防火墙对接总部旁挂深信服防火墙.
dis ike sa 没信息,debugging 没有信息弹出
(深信服图二-本地身份类型已改域名字符串)
华三侧配置
#
interface Dialer1
ppp chap password cipher $c$3$f5lGKV3pD7sM/fTgDl4iWy00Fy61xpZPoDzL
ppp chap user 075508273848@163.com
ppp ipcp dns admit-any
ppp ipcp dns request
ppp pap local-user 075508273848@163.com password cipher $c$3$esMeHJvVLXIxt+ET6dxptux19c9klCv4pr1I
dialer bundle enable
dialer-group 1
dialer timer idle 0
dialer timer autodial 5
dialer number 1 autodial
ip address ppp-negotiate
tcp mss 1024
nat outbound 3000
ipsec apply policy yanglao
#
acl advanced 3500
rule 1 permit ip source 172.16.100.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
#
psec transform-set yanglao
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ipsec policy yanglao 1 isakmp
transform-set yanglao
security acl 3500
remote-address 113.98.196.77
ike-profile 1
#
ike identity fqdn yanglao
#
ike profile 1
keychain 1
exchange-mode aggressive
local-identity fqdn yanglao
match remote identity fqdn zongbu
match remote identity address 113.98.196.77 255.255.255.255
proposal 1
#
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm md5
sa duration 3600
#
ike keychain 1
pre-shared-key address 113.98.196.77 255.255.255.255 key cipher $c$3$yCbxvbl7ZfVqdMmjjTSwM7mbEaxqNEQbgZk=
#
深信服侧配置
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
网络通 没有日志输出 debugging也没有