• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

msr3620 配置ipsec问题

2024-11-11提问
  • 1关注
  • 0收藏,276浏览
粉丝:0人 关注:0人

问题描述:

ipsec显示建立成功,但无法ping通对方主机

组网及组网描述:

# version 7.1.064, Release 6749P2108 # sysname H3C # clock timezone Beijing add 08:00:00 clock protocol none # wlan global-configuration # telnet server enable # ip pool l2tp111 100.100.10.10 100.100.10.200 # dhcp enable dhcp server always-broadcast # dns proxy enable # system-working-mode standard password-recovery enable # vlan 1 # dhcp server ip-pool GigabitEthernet0/1 gateway-list 192.168.1.1 network 192.168.0.0 mask 255.255.252.0 address range 192.168.0.2 192.168.3.254 dns-list 114.114.114.114 # dhcp server ip-pool GigabitEthernet0/2 gateway-list 192.168.10.1 network 192.168.8.0 mask 255.255.248.0 address range 192.168.10.2 192.168.15.254 dns-list 114.114.114.114 # dhcp server ip-pool lan1 gateway-list 100.100.1.1 network 100.100.0.0 mask 255.255.254.0 address range 100.100.1.1 100.100.1.254 dns-list 114.114.114.114 # controller Cellular0/0 # interface Virtual-PPP0 ppp chap password cipher $c$3$E8fV/ADYf0GSP39U+MdMm1oMreaGevuK9RQ5 ppp chap user zongbu ip address ppp-negotiate l2tp-auto-client l2tp-group 2 # interface Virtual-Template0 # interface Virtual-Template1 ppp authentication-mode chap remote address pool l2tp111 ip address 100.100.10.2 255.255.255.0 # interface NULL0 # interface GigabitEthernet0/0 port link-mode route combo enable copper ip address 100.100.1.1 255.255.254.0 tcp mss 1280 # interface GigabitEthernet0/1 port link-mode route combo enable copper ip address 192.168.1.1 255.255.252.0 # interface GigabitEthernet0/2 port link-mode route combo enable fiber ip address 192.168.10.1 255.255.248.0 # interface GigabitEthernet0/3 port link-mode route combo enable copper # interface GigabitEthernet0/4 port link-mode route # interface GigabitEthernet0/5 port link-mode route description Multiple_Line ip address 39.170.26.42 255.255.255.252 dns server 211.140.13.188 dns server 211.140.188.188 nat outbound nat outbound 3112 nat server protocol tcp global current-interface 8000 inside 192.168.1.252 8000 ipsec apply policy 123 # scheduler logfile size 16 # line class console user-role network-admin # line class tty user-role network-operator # line class vty user-role network-operator # line con 0 user-role network-admin # line vty 0 63 authentication-mode scheme user-role network-operator # ip route-static 0.0.0.0 0 GigabitEthernet0/5 39.170.26.41 ip route-static 120.199.1.218 32 39.170.26.42 ip route-static 192.168.100.0 22 39.170.26.42 # performance-management # acl advanced 3010 rule 0 permit icmp source 192.168.10.128 0 destination 192.168.100.27 0 rule 5 permit icmp source 192.168.100.27 0 destination 192.168.10.128 0 # acl advanced 3111 rule 0 permit ip source 192.168.8.0 0.0.7.255 destination 192.168.100.0 0.0.3.255 # acl advanced 3112 rule 0 deny ip source 192.168.8.0 0.0.7.255 destination 192.168.100.0 0.0.3.255 rule 5 permit ip # password-control enable undo password-control aging enable undo password-control history enable password-control length 6 password-control login-attempt 3 exceed lock-time 10 password-control update-interval 0 password-control login idle-time 0 # domain system # domain default enable system # role name level-0 description Predefined level-0 role # role name level-1 description Predefined level-1 role # role name level-2 description Predefined level-2 role # role name level-3 description Predefined level-3 role # role name level-4 description Predefined level-4 role # role name level-5 description Predefined level-5 role # role name level-6 description Predefined level-6 role # role name level-7 description Predefined level-7 role # role name level-8 description Predefined level-8 role # role name level-9 description Predefined level-9 role # role name level-10 description Predefined level-10 role # role name level-11 description Predefined level-11 role # role name level-12 description Predefined level-12 role # role name level-13 description Predefined level-13 role # role name level-14 description Predefined level-14 role # user-group system # local-user admin class manage service-type ftp service-type ssh telnet terminal http https authorization-attribute user-role network-admin # local-user test class network password cipher $c$3$fh42RxBzJcb1DYGkMZ80z2Mpnhnku04= access-limit 10 service-type ppp authorization-attribute user-role network-operator # local-user zengming class network password cipher $c$3$ZMDEhXRaL10DJ//g/USpU+8LpXxUYhYCIiho access-limit 10 service-type ppp authorization-attribute user-role network-operator # local-user zongbumes class network password cipher $c$3$xr6TZxsrbsUGS7y5MOSlLMRicvRV6E77tus= access-limit 100 service-type ppp authorization-attribute user-role network-operator description mes # security-enhanced level 1 # ssl version gm-tls1.1 disable undo ssl renegotiation disable undo ssl version ssl3.0 disable undo ssl version tls1.0 disable undo ssl version tls1.1 disable undo ssl version tls1.2 disable undo ssl version tls1.3 disable # ipsec transform-set 123 esp encryption-algorithm 3des-cbc esp authentication-algorithm sha1 # ipsec policy 123 65535 isakmp transform-set 123 security acl 3111 remote-address 120.199.1.218 ike-profile 123 sa duration time-based 3600 sa duration traffic-based 1843200 # l2tp-group 2 mode lac lns-ip 120.199.1.218 122.224.130.148 undo tunnel authentication tunnel name gongchang # l2tp-group 111 mode lns allow l2tp virtual-template 1 remote kehuduan undo tunnel authentication tunnel name kehu # ike profile 123 keychain 123 local-identity address 39.170.26.42 match remote identity address 120.199.1.218 255.255.255.255 proposal 65535 # ike keychain 123 pre-shared-key address 120.199.1.218 255.255.255.255 key cipher $c$3$3cQQutk35tXRN3qtUTgs4tiwnO/PwkASqGT5BKQq # ip http port 8899 ip https port 4433 ip http enable # wlan ap-group default-group priority 7 vlan 1 # return

1 个回答
粉丝:1人 关注:0人

看下接口是否deny了两端的感兴趣流;设备是否是多出口

暂无评论

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明