H3C Comware V7 IpsecVpn
Source: Internet. Editor: 程序博客网. Time: 2024/05/22 22:49
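Today I worked on an H3C MSR36-10 router running H3C Comware V7 and configured an IPsec VPN on it. The commands have changed quite a bit, but fortunately the configuration succeeded with the help of the official documentation. I will not go into the old V5 platform here.
Official documentation: http://www.h3c.com.cn/Service/Document_Center/Routers/Catalog/MSR/MSR_5600/Command/Command_Manual/H3C_MSR_CR(V7)-6W103/11/201405/828589_30005_0.htm
The router configuration is as follows: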
[Branch-MSR-3610]dis cu
#
 version 7.1.059, Release 0304
#
 sysname Branch-MSR-3610
#
 telnet server enable
#
 password-recovery enable
#
vlan 1
#
controller Cellular0/0
#
controller Cellular0/1
#
interface Aux0
#
interface NULL0
#
interface GigabitEthernet0/0
 port link-mode route
 description TO_waiwang-WAN
 combo enable copper
 ip address 113.97.129.10 255.255.255.0
 ipsec apply policy Branch
#
interface GigabitEthernet0/1
 port link-mode route
 description TO_neiwang-LAN
 ip address 100.44.4.2 255.255.255.0
#
interface GigabitEthernet0/2
 port link-mode route
#
 scheduler logfile size 16
#
line class aux
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-admin
#
line vty 0 4
 authentication-mode scheme
 user-role network-operator
#
line vty 5 63
 user-role network-operator
#
 ip route-static 0.0.0.0 0 113.97.129.1
#
acl advanced 3000
 rule 10 permit ip source 100.44.4.0 0.0.0.255 destination 100.10.10.0 0.0.0.255
#
acl advanced 3900
 rule 10 deny ip source 100.44.4.0 0.0.0.255 destination 100.10.10.0 0.0.0.255
#
 domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
local-user admin class manage
 password hash $h$6$DtT6MTV8L+TWencT$y+nCFfRsb6Gu7d0Rc85tpaWqaq3tdv4viPurrm+4ak5zQ6obmHYg==
 service-type telnet
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
ipsec transform-set Branch
 esp encryption-algorithm des-cbc
 esp authentication-algorithm md5
 pfs dh-group1
#
ipsec policy Branch 10 isakmp
 transform-set Branch
 security acl 3000
 remote-address 114.202.132.212
 ike-profile Branch
#
ike profile Branch    ### The IKE PEER configuration is gone; it has been replaced by ike profile
 keychain Branch
 proposal 10
#
ike proposal 10
 authentication-algorithm md5
#
ike keychain Branch    ### The IKE PEER configuration is gone; it has been replaced by ike keychain
 pre-shared-key address 114.202.132.212 255.255.255.255 key cipher $c$3$OraBlcTfbc1IXFPE4INI98rq
#
return
Check whether the IKE and IPsec SAs have been established successfully:
[Branch-MSR-3610]dis ike sa
    Connection-ID   Remote                Flag         DOI
------------------------------------------------------------------
    3604            114.202.132.212       RD           IPsec
Flags:
RD--READY RL--REPLACED FD-FADING
[Branch-MSR-3610]dis ipsec sa
-------------------------------
Interface: GigabitEthernet0/0
-------------------------------

  -----------------------------
  IPsec policy: Branch
  Sequence number: 10
  Mode: ISAKMP
  -----------------------------
    Tunnel id: 0
    Encapsulation mode: tunnel
    Perfect forward secrecy: dh-group1
    Inside VPN:
    Path MTU: 1443
    Tunnel:
        local  address: 113.97.129.10
        remote address: 114.202.132.212
    Flow:
        sour addr: 100.44.4.0/255.255.255.0  port: 0  protocol: ip
        dest addr: 100.10.10.0/255.255.255.0  port: 0  protocol: ip

    [Inbound ESP SAs]
      SPI: 2247051525 (0x85ef4905)
      Connection ID: 4294967296
      Transform set: ESP-ENCRYPT-DES-CBC ESP-AUTH-MD5
      SA duration (kilobytes/sec): 1843200/3600
      SA remaining duration (kilobytes/sec): 1833773/3456
      Max received sequence-number: 16699
      Anti-replay check enable: Y
      Anti-replay window size: 64
      UDP encapsulation used for NAT traversal: N
      Status: Active

    [Outbound ESP SAs]
      SPI: 4091890288 (0xf3e54a70)
      Connection ID: 4294967297
      Transform set: ESP-ENCRYPT-DES-CBC ESP-AUTH-MD5
      SA duration (kilobytes/sec): 1843200/3600
      SA remaining duration (kilobytes/sec): 1837001/3456
      Max sent sequence-number: 16332
      UDP encapsulation used for NAT traversal: N
      Status: Active
The connection was established successfully!
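An added example, not part of the original post: a small Python audit that splits Comware-style configuration into its `#`-delimited sections and flags the legacy parameters used in the configuration above (DES-CBC, MD5, DH group 1, Telnet management). The deny-list `WEAK` and the function names `sections` and `audit` are this example's own assumptions; the sample input is an excerpt of the configuration on this page.

```python
import re
# Excerpt of the configuration shown above (hash and key lines omitted).
CONFIG = """\
#
 telnet server enable
#
ipsec transform-set Branch
 esp encryption-algorithm des-cbc
 esp authentication-algorithm md5
 pfs dh-group1
#
ike proposal 10
 authentication-algorithm md5
#
"""

# Assumption: this deny-list is the example's own policy, not an H3C-published list.
WEAK = {
    "esp encryption-algorithm": {"des-cbc", "3des-cbc", "null"},
    "esp authentication-algorithm": {"md5"},
    "encryption-algorithm": {"des-cbc", "3des-cbc"},
    "authentication-algorithm": {"md5"},
    "pfs": {"dh-group1", "dh-group2", "dh-group5"},
}

def sections(text):
    """Yield (header, sub-commands) for each '#'-delimited configuration section."""
    for block in re.split(r"^#[ \t]*$", text, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            yield lines[0], lines[1:]

def audit(text):
    findings = []
    for header, body in sections(text):
        if header == "telnet server enable":
            findings.append(("global", "telnet server enable (cleartext management)"))
        if not header.startswith(("ipsec transform-set", "ike proposal")):
            continue
        for line in body:
            for cmd, bad in WEAK.items():
                if line.startswith(cmd + " ") and set(line.split()) & bad:
                    findings.append((header, line))
        explicit = any(l.startswith("encryption-algorithm ") for l in body)
        if header.startswith("ike proposal") and not explicit:
            findings.append((header, "encryption-algorithm not set; platform default applies"))
    return findings

print(*audit(CONFIG), sep="\n")
```

The last finding only reports that the IKE proposal leaves the cipher to the platform default; `display ike proposal` on the device shows what was actually negotiated.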