How do I configure VPN aggressive mode for the headquarters and the branch office? Please annotate what each command does. Thanks.
(0)
Best answer
Key configuration points for IPsec + IKE aggressive mode:
Non-fixed-IP end:
[FW1]acl advanced 3000 // Create the ACL that will define the interesting traffic
[FW1-acl-ipv4-adv-3000]rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 172.16.1.0 0.0.0.255 // Specify the source and destination subnets
[FW1-acl-ipv4-adv-3000]quit
[FW1]ike identity fqdn fw1 // Create the FQDN identity, which the fixed-IP end uses to refer to this end
[FW1]ike keychain james // Create the IKE keychain
[FW1-ike-keychain-james]pre-shared-key address 202.2.100.2 255.255.255.252 key simple james // Specify the fixed-IP end's external address and the key
[FW1-ike-keychain-james]quit
[FW1]ike proposal 1 // Create IKE proposal 1; nothing is set inside it, so defaults apply
[FW1-ike-proposal-1]quit
[FW1]ike profile james // Create the IKE profile
[FW1-ike-profile-james]keychain james // Reference the keychain
[FW1-ike-profile-james]proposal 1 // Reference IKE proposal 1
[FW1-ike-profile-james]match remote identity address 202.2.100.2 255.255.255.252 // Specify the remote address
[FW1-ike-profile-james]exchange-mode aggressive // Set the exchange mode to aggressive mode
[FW1-ike-profile-james]quit
[FW1]ipsec transform-set james // Create the transform set
[FW1-ipsec-transform-set-james]protocol esp // Set the protocol to ESP
[FW1-ipsec-transform-set-james]encapsulation-mode tunnel // Encapsulation mode is tunnel
[FW1-ipsec-transform-set-james]esp authentication-algorithm md5 // Authentication algorithm
[FW1-ipsec-transform-set-james]esp encryption-algorithm des-cbc // Encryption algorithm
[FW1-ipsec-transform-set-james]quit
[FW1]ipsec policy james 1 isakmp // Create the IPsec VPN policy
[FW1-ipsec-policy-isakmp-james-1]security acl 3000 // Reference the ACL
[FW1-ipsec-policy-isakmp-james-1]transform-set james // Reference the transform set
[FW1-ipsec-policy-isakmp-james-1]ike-profile james // Specify the IKE profile
[FW1-ipsec-policy-isakmp-james-1]remote-address 202.2.100.2 // Specify the remote address of the IPsec tunnel
[FW1-ipsec-policy-isakmp-james-1]quit
[FW1]int gi 1/0/2 // Enter the interface view
[FW1-GigabitEthernet1/0/2]ipsec apply policy james // Apply the IPsec VPN policy on the interface
[FW1-GigabitEthernet1/0/2]quit
Fixed-IP end:
[FW2]acl advanced 3000
[FW2-acl-ipv4-adv-3000]rule 0 permit ip source 172.16.1.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 // Mirror of the FW1 rule: source and destination subnets swapped
[FW2-acl-ipv4-adv-3000]quit
[FW2]ike identity fqdn fw2 // Local IKE identity is the FQDN fw2
[FW2]ike proposal 1
[FW2-ike-proposal-1]quit
[FW2]ike keychain james
[FW2-ike-keychain-james]pre-shared-key hostname fw1 key simple james // Pre-shared key for the peer with hostname fw1
[FW2-ike-keychain-james]quit
[FW2]ike profile james
[FW2-ike-profile-james]keychain james
[FW2-ike-profile-james]proposal 1
[FW2-ike-profile-james]match remote identity fqdn fw1 // Match the remote peer by its FQDN fw1
[FW2-ike-profile-james]exchange-mode aggressive
[FW2-ike-profile-james]quit
[FW2]ipsec transform-set james
[FW2-ipsec-transform-set-james]protocol esp
[FW2-ipsec-transform-set-james]encapsulation-mode tunnel
[FW2-ipsec-transform-set-james]esp authentication-algorithm md5
[FW2-ipsec-transform-set-james]esp encryption-algorithm des-cbc
[FW2-ipsec-transform-set-james]quit
[FW2]ipsec policy-template james 1 // Create an IPsec policy template; no remote address is configured in it
[FW2-ipsec-policy-template-james-1]security acl 3000
[FW2-ipsec-policy-template-james-1]transform-set james
[FW2-ipsec-policy-template-james-1]ike-profile james
[FW2-ipsec-policy-template-james-1]quit
[FW2]ipsec policy james 1 isakmp template james // Create the IPsec policy from template james
[FW2]int gi 1/0/2
[FW2-GigabitEthernet1/0/2]ipsec apply policy james
[FW2-GigabitEthernet1/0/2]quit
(0)
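An added example, not part of the original answer: a small Python check that scans configuration written in the style shown above for settings a reviewer would query before deployment (the plaintext-form `key simple`, aggressive mode with a pre-shared key, MD5, DES, and an IKE proposal left empty). The sample lines are constructed from the answer's FW1 commands; the function names and finding texts are this example's own assumptions.

```python
import re

# Constructed sample: FW1 IKE/IPsec lines taken from the answer, prompts included.
SAMPLE = """\
[FW1]ike keychain james
[FW1-ike-keychain-james]pre-shared-key address 202.2.100.2 255.255.255.252 key simple james // key
[FW1-ike-keychain-james]quit
[FW1]ike proposal 1
[FW1-ike-proposal-1]quit
[FW1]ike profile james
[FW1-ike-profile-james]proposal 1
[FW1-ike-profile-james]exchange-mode aggressive
[FW1-ike-profile-james]quit
[FW1]ipsec transform-set james
[FW1-ipsec-transform-set-james]esp authentication-algorithm md5
[FW1-ipsec-transform-set-james]esp encryption-algorithm des-cbc
[FW1-ipsec-transform-set-james]quit
"""

# Finding texts are this example's own wording, not device output.
RULES = [
    (r"pre-shared-key .*\bkey simple\b", "pre-shared key typed in plaintext form"),
    (r"exchange-mode aggressive$", "aggressive mode + PSK: key hash open to offline guessing"),
    (r"esp authentication-algorithm md5$", "ESP integrity uses MD5"),
    (r"esp encryption-algorithm des-cbc$", "ESP encryption uses single DES"),
]

def command(line):
    """Strip the [view] prompt and any trailing // annotation."""
    return re.sub(r"^\[[^\]]*\]", "", line).split("//", 1)[0].strip()

def audit(config):
    """Return sorted (line_no, finding) pairs for the weak settings found."""
    findings, open_proposal = [], None  # line number of a proposal with nothing set yet
    for no, raw in enumerate(config.splitlines(), 1):
        cmd = command(raw)
        if re.fullmatch(r"ike proposal \d+", cmd):
            open_proposal = no
            continue
        if open_proposal is not None:
            if cmd == "quit":  # proposal view closed with no algorithm chosen
                findings.append((open_proposal, "IKE proposal relies on platform defaults"))
            open_proposal = None
        findings += [(no, msg) for pat, msg in RULES if re.match(pat, cmd)]
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```
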
Are these two both for the headquarters?
[FW1-ike-keychain-james]pre-shared-key address 202.2.100.2 255.255.255.252 key simple james // Specify the fixed-IP end's external address and the key
[FW1-ike-profile-james]match remote identity address 202.2.100.2 255.255.255.252 // Specify the remote address
(0)