F100-A对接华为AR6121E-S做ipsec vpn
- 0关注
- 0收藏,109浏览
问题描述:
华为端已经打过400售后也无法排查出问题所在,ipsec报文提示是udp500 端口 网络不可达,但是路由器可ping通对端公网ip,请各路大神参详参详!感激不尽!
F100端配置:
ipsec transform-set hm_IPv4_1
esp encryption-algorithm aes-cbc-128
esp authentication-algorithm sha1
ipsec policy-template t4 1
transform-set 1
security acl 3008
local-address 14.23.xx.xx
ike-profile RTD
ike keychain RTD
pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$Dm0WXo0vwF8gr9yyXKUJh6NG0VJhSMqwog==
#
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm md5
ike profile RTD
keychain RTD
exchange-mode aggressive
local-identity fqdn zongbu
match remote identity fqdn RTD
match remote identity address 0.0.0.0 0.0.0.0
match local address GigabitEthernet1/0/3
proposal 1
ipsec policy zongbu 5 isakmp template t4
ipsec apply policy zongbu
华为路由器端:
ipsec proposal 1
esp authentication-algorithm sha1
esp encryption-algorithm aes-128
#
ike proposal default
encryption-algorithm aes-256 aes-192 aes-128
dh group14
authentication-algorithm sha2-512 sha2-384 sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
ike proposal 1
encryption-algorithm 3des
dh group2
authentication-algorithm sha2-256
authentication-method pre-share
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
ike peer RTD
version 1
exchange-mode aggressive
pre-shared-key cipher %^%#Q>{XD^1+|!Q7'x4Zw<rM2,OeU]&HS7j/6`FB@h5+%^%#
ike-proposal 1
remote-id fqdn RTD
local-id fqdn zongbu
remote-address 14.23.xx.xx
rsa encryption-padding oaep
rsa signature-padding pss
undo local-id-preference certificate enable
ikev2 authentication sign-hash sha2-256
#
ipsec policy 1 1 isakmp
security acl 3008
ike-peer RTD
proposal 1
https://www.h3c.com/cn/Service/Document_Software/Document_Center/Home/Security/00-Public/Configure/Interoperability_Guides/H3C_Huawei_IPsec-11984/?CHID=872190
链接打不开
https://www.h3c.com/cn/Service/Document_Software/Document_Center/Home/Security/00-Public/Configure/Interoperability_Guides/H3C_Huawei_IPsec-11984/?CHID=872190
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
那就抓包看看