.
MSR 3620_1:
Dhcp server ip-pool lan1
gateway-list 192.168.0.1
network 192.168.0.0 mask 255.255.255.0
dns-list 192.168.0.1
#
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/2
ip address 10.145.4.13 255.255.255.0
nat outbound 3000
ipsec apply policy R2
#
ip route-static 192.168.1.0 24 10.145.4.8
#
acl advanced 3000
rule 0 deny ip source 192.168.0.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
#
acl advanced 3100
rule 0 permit ip source 192.168.0.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
#
ipsec transform-set 1
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ipsec policy R2 1 isakmp
transform-set 1
security acl 3100
local-address 10.145.4.13
remote-address 10.145.4.8
ike-profile R2
#
ike profile R2
keychain R2
match remote identity address 10.145.4.8 255.255.255.0
proposal 1
#
ike proposal 1
encryption-algorithm 3des-cbc
authentication-algorithm md5
#
ike keychain R2
pre-shared-key address 10.145.4.8 255.255.255.0 key simple 12345678
return
MSR 3620_2:
Dhcp server ip-pool lan1
gateway-list 192.168.1.1
network 192.168.1.0 mask 255.255.255.0
dns-list 192.168.1.1
#
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/2
ip address 10.145.4.8 255.255.255.0
nat outbound 3000
ipsec apply policy R1
#
ip route-static 192.168.0.0 24 10.145.4.13
#
acl advanced 3000
rule 0 deny ip source 192.168.1.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
#
acl advanced 3100
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
#
ipsec transform-set 1
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ipsec policy R1 1 isakmp
transform-set 1
security acl 3100
local-address 10.145.4.8
remote-address 10.145.4.13
ike-profile R1
#
ike profile R1
keychain R1
match remote identity address 10.145.4.13 255.255.255.0
proposal 1
#
ike proposal 1
encryption-algorithm 3des-cbc
authentication-algorithm md5
#
ike keychain R1
pre-shared-key address 10.145.4.13 255.255.255.0 key simple 12345678
#
return
#
ipsec transform-set 1
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
#
ike proposal 1
encryption-algorithm 3des-cbc
authentication-algorithm md5
该案例对您是否有帮助:
您的评价:1
若您有关于案例的建议,请反馈:
No comments
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作