F100-C-G2图形界面或是命令行开通 l2tp over ipsec方法
- 0关注
- 1收藏,896浏览
问题描述:
现在这台设备可以正常上网,工作一切正常。为满足员工出差后进内网办公安全,所以想给每位出差员工一个vpn进入防火墙的权限。特别想知道这款
H3C SecPath F100-C-G2 Version 7.1.064, Release 9510P05 开通l2tp over ipsec的方法或是脚本。谢谢!
组网及组网描述:
互联网接口为固定公网IP。在1/0/10口。 19.18.12.134/30
内网接口在1/0/4口。内网段,10.9.0.0/24
- 2019-12-30提问
- 举报
-
(0)
最佳答案
#开启L2TP功能
<H3C>system-view
[H3C]l2tp enable
#创建地址池
[H3C]ip pool 1 192.168.10.2 192.168.10.200
#创建一个虚模板,指定地址池
[H3C]interface Virtual-Template1
[H3C-Virtual-Template1] ppp authentication-mode chap domain system
[H3C-Virtual-Template1]remote address pool 1
[H3C-Virtual-Template1]ip address 192.168.10.1 24
[H3C-Virtual-Template1]quit
#创建l2tp组
[H3C]l2tp-group 1 mode lns
[H3C-l2tp1] allow l2tp virtual-template 1
[H3C-l2tp1]undo tunnel authentication
[H3C-l2tp1]quit
#创建本地用户
[H3C]local-user 123 class network
[H3C-luser-network-123]password simple 123456
[H3C-luser-network-123]service-type ppp
[H3C-luser-network-123]quit
#创建多个ike安全提议,采用不同的加密算法和验证算法
[H3C]ike proposal 1
[H3C-ike-proposal-1]encryption-algorithm aes-cbc-128
[H3C-ike-proposal-1]authentication-algorithm md5
[H3C-ike-proposal-1]dh group2
[H3C]ike proposal 2
[H3C-ike-proposal-2]encryption-algorithm 3des-cbc
[H3C-ike-proposal-2]authentication-algorithm md5
[H3C-ike-proposal-2]dh group2
[H3C]ike proposal 3
[H3C-ike-proposal-3]encryption-algorithm 3des-cbc
[H3C-ike-proposal-3]dh group2
[H3C]ike proposal 4
[H3C-ike-proposal-4]encryption-algorithm aes-cbc-256
[H3C-ike-proposal-4]dh group2
[H3C]ike proposal 5
[H3C-ike-proposal-5]dh group2
[H3C]ike proposal 6
[H3C-ike-proposal-6]encryption-algorithm aes-cbc-192
[H3C-ike-proposal-6]dh group2
#配置ike keychain,配置对端地址为0.0.0.0,预共享密钥为123456
[H3C]ike keychain 1
[H3C-ike-keychain-1]pre-shared-key address 0.0.0.0 0 key simple 123456
#配置ike profile,引用ike keychain和ike安全提议,本端公网地址为198.76.28.30
[H3C]ike profile 1
[H3C-ike-profile-1]keychain 1
[H3C-ike-profile-1]exchange-mode aggressive
[H3C-ike-profile-1]local-identity address 198.76.28.30
[H3C-ike-profile-1]match remote identity address 0.0.0.0 0.0.0.0
[H3C-ike-profile-1]proposal 1 2 3 4 5 6
#配置多个ipsec安全提议,采用不同的验证算法和加密算法
[H3C]ipsec transform-set 1
[H3C-ipsec-transform-set-1]encapsulation-mode transport
[H3C-ipsec-transform-set-1]esp encryption-algorithm aes-cbc-128
[H3C-ipsec-transform-set-1]esp authentication-algorithm sha1
[H3C]ipsec transform-set 2
[H3C-ipsec-transform-set-2]encapsulation-mode transport
[H3C-ipsec-transform-set-2]esp encryption-algorithm aes-cbc-256
[H3C-ipsec-transform-set-2]esp authentication-algorithm sha1
[H3C]ipsec transform-set 3
[H3C-ipsec-transform-set-3]encapsulation-mode transport
[H3C-ipsec-transform-set-3]esp encryption-algorithm 3des-cbc
[H3C-ipsec-transform-set-3]esp authentication-algorithm sha1
[H3C]ipsec transform-set 4
[H3C-ipsec-transform-set-4]encapsulation-mode transport
[H3C-ipsec-transform-set-4]esp encryption-algorithm des-cbc
[H3C-ipsec-transform-set-4]esp authentication-algorithm sha1
[H3C]ipsec transform-set 5
[H3C-ipsec-transform-set-5]encapsulation-mode transport
[H3C-ipsec-transform-set-5]esp encryption-algorithm aes-cbc-192
[H3C-ipsec-transform-set-5]esp authentication-algorithm sha1
[H3C]ipsec transform-set 6
[H3C-ipsec-transform-set-6]encapsulation-mode transport
#配置一个名字为1,序号为1的安全策略模板,引用ike profile和ipsec安全提议
[H3C]ipsec policy-template 1 1
[H3C-ipsec-policy-template-1-1]
[H3C-ipsec-policy-template-1-1]transform-set 1 2 3 4 5 6
[H3C-ipsec-policy-template-1-1]ike-profile 1
#引用ipsec安全策略模板,创建ipsec安全策略
[H3C]ipsec policy 1 1 isakmp template 1
#在公网口调用ipsec安全策略
[H3C]interface GigabitEthernet 0/0
[H3C-GigabitEthernet0/0]ipsec apply policy 1
- 2019-12-30回答
- 评论(0)
- 举报
-
(0)
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论