中心站点MSR2600 Version 5.20, Release 2516P15 WAN口配置有公网IP,远端站点MSR830 使用拔号光纤可以使用ipsec vpn连接进来,但目前旧路由器 msr30-11 Version 5.20, Release 1809 现在无法连接进来,中心点和远程点的配置如下,请求指导。中心站点:dis verH3C Comware Platform SoftwareComware Software, Version 5.20, Release 2516P15sysname nssyacl number 3011 rule 0 permit ip source 172.20.0.0 0.0.0.255 destination 192.168.1.0 0.0.0.255ike local-name nssyike proposal 111 authentication-algorithm md5ike peer shekou exchange-mode aggressive proposal 111 pre-shared-key simple sknssy id-type name remote-name shekou local-name nssy nat traversalquitipsec transform-set nssy encapsulation-mode tunnel transform esp esp authentication-algorithm md5 esp encryption-algorithm desquitipsec policy nssy 11 isakmp security acl 3011 ike-peer shekou transform-set nssyquitinterface GigabitEthernet0/0 port link-mode route nat outbound ip address 116.x.x.x 255.255.255.224 ipsec no-nat-process enable ipsec policy nssyquitip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0 116.x.x.x远端站点:dis verH3C Comware Platform SoftwareComware Software, Version 5.20, Release 1809sysname SheKou1acl number 3001 rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 172.20.0.0 0.0.0.255 rule 1 deny ipquitacl number 3100 rule 1 deny ip source 192.168.1.0 0.0.0.255 destination 172.20.0.0 0.0.0.255 rule 100 permit ipquitike local-name shekouike proposal 101 authentication-algorithm md5ike peer shekou exchange-mode aggressive proposal 101 pre-shared-key simple sknssy remote-address 116.x.x.x local-name shekou nat traversalquitipsec proposal shekou esp encryption-algorithm des esp authentication-algorithm md5 quitipsec policy shekou 1 isakmp proposal shekou security acl 3001 ike-peer shekouquitint e0/1 port link-mode route ip add 10.1.121.250 255.255.255.0 nat outbound 3100 ipsec no-nat-process enable ipsec policy shekouquitint e0/0 port link-mode route ip add 192.168.1.1 255.255.255.0quit ip route-static 0.0.0.0 0.0.0.0 10.1.121.163
中心站点MSR2600 Version 5.20, Release 2516P15 WAN口配置有公网IP,远端站点MSR830 使用拔号光纤可以使用ipsec vpn连接进来,但目前旧路由器 msr30-11 Version 5.20, Release 1809 现在无法连接进来,中心点和远程点的配置如下,请求指导。中心站点:dis verH3C Comware Platform SoftwareComware Software, Version 5.20, Release 2516P15sysname nssyacl number 3011 rule 0 permit ip source 172.20.0.0 0.0.0.255 destination 192.168.1.0 0.0.0.255ike local-name nssyike proposal 111 authentication-algorithm md5ike peer shekou exchange-mode aggressive proposal 111 pre-shared-key simple sknssy id-type name remote-name shekou local-name nssy nat traversalquitipsec transform-set nssy encapsulation-mode tunnel transform esp esp authentication-algorithm md5 esp encryption-algorithm desquitipsec policy nssy 11 isakmp security acl 3011 ike-peer shekou transform-set nssyquitinterface GigabitEthernet0/0 port link-mode route nat outbound ip address 116.x.x.x 255.255.255.224 ipsec no-nat-process enable ipsec policy nssyquitip route-static 0.0.0.0 0.0.0.0 GigabitEthernet0/0 116.x.x.x远端站点:dis verH3C Comware Platform SoftwareComware Software, Version 5.20, Release 1809sysname SheKou1acl number 3001 rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 172.20.0.0 0.0.0.255 rule 1 deny ipquitacl number 3100 rule 1 deny ip source 192.168.1.0 0.0.0.255 destination 172.20.0.0 0.0.0.255 rule 100 permit ipquitike local-name shekouike proposal 101 authentication-algorithm md5ike peer shekou exchange-mode aggressive proposal 101 pre-shared-key simple sknssy remote-address 116.x.x.x local-name shekou nat traversalquitipsec proposal shekou esp encryption-algorithm des esp authentication-algorithm md5 quitipsec policy shekou 1 isakmp proposal shekou security acl 3001 ike-peer shekouquitint e0/1 port link-mode route ip add 10.1.121.250 255.255.255.0 nat outbound 3100 ipsec no-nat-process enable ipsec policy shekouquitint e0/0 port link-mode route ip add 192.168.1.1 255.255.255.0quit ip route-static 0.0.0.0 0.0.0.0 10.1.121.163
(0)
最佳答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论