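Typical Configuration for IPsec Interoperation Between a SecPath Firewall and a Lenovo Wangyu (联想网御) Firewall
I. Networking Requirements
The SecPath firewall and the Lenovo Wangyu firewall establish an IPsec VPN with each other.
II. Network Diagram
III. Configuration
1. Main configuration of the SecPath100F-E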
#
sysname SecPath100F-E
#
firewall packet-filter enable
firewall packet-filter default permit
#
ike proposal 1
 encryption-algorithm 3des-cbc
 dh group2
 authentication-algorithm md5
 sa duration 28800
#
ike peer lianxiang
 pre-shared-key 12345678
 remote-address 218.1.122.22
 local-address 220.196.41.162
#
ipsec card-proposal 1
 use encrypt-card 2/0
 esp encryption-algorithm 3des
#
ipsec policy pol1 1 isakmp
 security acl 3001
 ike-peer lianxiang
 proposal 1
acl number 3001
 description ipsec_lianxiang
 rule 0 permit ip source 172.16.0.0 0.0.255.255 destination 10.1.50.0 0.0.0.255
 rule 1 deny ip
acl number 3100
 description NAT
 rule 0 deny ip source 172.16.0.0 0.0.255.255 destination 10.1.50.0 0.0.0.255
 rule 4 permit ip source 172.16.0.0 0.0.255.255
#
interface Ethernet0/0
 description WAN
 tcp mss 1450
 ip address 220.196.41.162 255.255.255.248
 nat outbound 3100
 ipsec policy pol1
#
interface Ethernet0/2
 description LAN
 tcp mss 1450
 ip address 172.16.1.254 255.255.0.0
#
firewall zone trust
 add interface Ethernet0/2
 set priority 85
#
firewall zone untrust
 add interface Ethernet0/0
 set priority 5
#
ip route-static 0.0.0.0 0.0.0.0 220.196.41.161
#
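2. Main configuration of the Lenovo Wangyu 300 firewall
IV. Key Configuration Points
1) The pre-shared key on the Lenovo Wangyu firewall must be at least 8 characters long;
2) The Lenovo Wangyu firewall uses DH group 2 for IKE key exchange by default.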
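The following Python check is an added example, not part of the original case or of either vendor's tooling. It tests a SecPath configuration excerpt against the two key points above (pre-shared key of at least 8 characters, IKE DH group 2) and also verifies that the NAT ACL denies the flow protected by the IPsec ACL before any permit rule, as acl 3100 does in the configuration shown. The function names are hypothetical, and the parser assumes sub-commands are indented under the command that opens their view, as in `display current-configuration` output.

```python
import re

# Excerpt of the SecPath configuration from this page, embedded so the check runs offline.
CONFIG = """\
ike proposal 1
 dh group2
ike peer lianxiang
 pre-shared-key 12345678
acl number 3001
 rule 0 permit ip source 172.16.0.0 0.0.255.255 destination 10.1.50.0 0.0.0.255
 rule 1 deny ip
acl number 3100
 rule 0 deny ip source 172.16.0.0 0.0.255.255 destination 10.1.50.0 0.0.0.255
 rule 4 permit ip source 172.16.0.0 0.0.255.255
"""
RULE = re.compile(r"rule (\d+) (permit|deny) (.+)")

def sections(text):
    """Group indented sub-commands under the top-level command that opens each view."""
    out, cur = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "#"):
            cur = None  # a "#" separator closes the current view
        elif not line.startswith(" "):
            cur = out.setdefault(line.strip(), [])
        elif cur is not None:
            cur.append(line.strip())
    return out

def acl_rules(sec, number):
    """Return (rule id, action, flow) tuples for one ACL."""
    found = map(RULE.match, sec.get(f"acl number {number}", []))
    return [(int(m[1]), m[2], m[3]) for m in found if m]

def audit(text, ipsec_acl="3001", nat_acl="3100"):
    """Return a list of findings; an empty list means all three checks passed."""
    sec, findings = sections(text), []
    for head, body in sec.items():
        if head.startswith("ike peer"):
            # Matches the plain "pre-shared-key <key>" form used on this page.
            keys = [c.split()[1] for c in body if c.startswith("pre-shared-key ")]
            if any(len(k) < 8 for k in keys):
                findings.append(f"{head}: pre-shared key shorter than 8 characters")
        if head.startswith("ike proposal") and "dh group2" not in body:
            findings.append(f"{head}: DH group is not group2")
    nat = acl_rules(sec, nat_acl)
    first_permit = min((i for i, a, _ in nat if a == "permit"), default=float("inf"))
    for _, action, flow in acl_rules(sec, ipsec_acl):
        exempt = any(a == "deny" and f == flow and i < first_permit for i, a, f in nat)
        if action == "permit" and not exempt:
            findings.append(f"acl {nat_acl}: protected flow is not denied before NAT permit")
    return findings
```

Calling `audit(CONFIG)` on the excerpt returns an empty list; each returned string names the view and the check that failed.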