IPSEC: Is there an example of configuring IPSEC OVER GRE on the F500?
Best answer

VPN1:
#
sysname VPN1
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 202.0.0.1 255.255.255.252
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 192.168.1.254 255.255.255.0
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
ip address 192.168.3.254 255.255.255.0
#
ip route-static 0.0.0.0 0 202.0.0.2
#
Internet:
#
sysname internet
#
vlan 10
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 10
#
interface Vlan-interface10
ip address 202.0.0.2 255.255.255.252
#
vlan 20
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 20
#
interface Vlan-interface20
ip address 203.0.0.2 255.255.255.252
#
VPN2:
#
sysname VPN2
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 203.0.0.1 255.255.255.252
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 192.168.2.254 255.255.255.0
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
ip address 192.168.4.254 255.255.255.0
#
ip route-static 0.0.0.0 0 203.0.0.2
#
Test:
[VPN1]ping 203.0.0.1
Ping 203.0.0.1 (203.0.0.1): 56 data bytes, press CTRL+C to break
56 bytes from 203.0.0.1: icmp_seq=0 ttl=254 time=1.000 ms
56 bytes from 203.0.0.1: icmp_seq=1 ttl=254 time=0.000 ms
56 bytes from 203.0.0.1: icmp_seq=2 ttl=254 time=1.000 ms
56 bytes from 203.0.0.1: icmp_seq=3 ttl=254 time=1.000 ms
56 bytes from 203.0.0.1: icmp_seq=4 ttl=254 time=0.000 ms
--- Ping statistics for 203.0.0.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.000/0.600/1.000/0.490 ms
[VPN1]%Jul 27 13:47:11:479 2022 VPN1 PING/6/PING_STATISTICS: Ping statistics for 203.0.0.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.000/0.600/1.000/0.490 ms.
VPN1:
#
interface Tunnel0 mode gre
ip address 10.0.0.1 255.255.255.252
source GigabitEthernet0/0
destination 203.0.0.1
keepalive 10 3
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.3
network 192.168.1.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
VPN2:
#
interface Tunnel0 mode gre
ip address 10.0.0.2 255.255.255.252
source GigabitEthernet0/0
destination 202.0.0.1
keepalive 10 3
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.3
network 192.168.2.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
VPN1:
#
acl advanced 3003
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
rule 5 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.4.0 0.0.0.255
#
ipsec transform-set 1
esp encryption-algorithm des-cbc
esp authentication-algorithm md5
#
ike keychain 1
pre-shared-key address 10.0.0.2 255.255.255.252 key simple 123
#
ike profile 1
keychain 1
local-identity address 10.0.0.1
match remote identity address 10.0.0.2 255.255.255.255
#
ipsec policy vpn 1 isakmp
transform-set 1
security acl 3003
remote-address 10.0.0.2
ike-profile 1
#
interface Tunnel0
ipsec apply policy vpn
#
VPN2:
#
acl advanced 3003
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 5 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.3.0 0.0.0.255
#
ipsec transform-set 1
esp encryption-algorithm des-cbc
esp authentication-algorithm md5
#
ike keychain 1
pre-shared-key address 10.0.0.1 255.255.255.252 key simple 123
#
ike profile 1
keychain 1
local-identity address 10.0.0.2
match remote identity address 10.0.0.1 255.255.255.255
#
ipsec policy vpn 1 isakmp
transform-set 1
security acl 3003
remote-address 10.0.0.1
ike-profile 1
#
interface Tunnel0
ipsec apply policy vpn
#
[VPN1]display ike sa
Connection-ID Local Remote Flag DOI
-------------------------------------------------------------------------
1 10.0.0.1 10.0.0.2 RD IPsec
Flags:
RD--READY RL--REPLACED FD-FADING RK-REKEY
[VPN1]display ipsec sa
-------------------------------
Interface: Tunnel0
-------------------------------
-----------------------------
IPsec policy: vpn
Sequence number: 1
Mode: ISAKMP
-----------------------------
Tunnel id: 0
Encapsulation mode: tunnel
Perfect Forward Secrecy:
Inside VPN:
Extended Sequence Numbers enable: N
Traffic Flow Confidentiality enable: N
Transmitting entity: Initiator
Path MTU: 1420
Tunnel:
local address: 10.0.0.1
remote address: 10.0.0.2
Flow:
sour addr: 192.168.1.0/255.255.255.0 port: 0 protocol: ip
dest addr: 192.168.2.0/255.255.255.0 port: 0 protocol: ip
[Inbound ESP SAs]
SPI: 3567442252 (0xd4a2d94c)
Connection ID: 4294967296
Transform set: ESP-ENCRYPT-DES-CBC ESP-AUTH-MD5
SA duration (kilobytes/sec): 1843200/3600
SA remaining duration (kilobytes/sec): 1843199/3432
Max received sequence-number: 4
Anti-replay check enable: Y
Anti-replay window size: 64
UDP encapsulation used for NAT traversal: N
Status: Active
[Outbound ESP SAs]
SPI: 1937845178 (0x73812bba)
Connection ID: 4294967297
Transform set: ESP-ENCRYPT-DES-CBC ESP-AUTH-MD5
SA duration (kilobytes/sec): 1843200/3600
SA remaining duration (kilobytes/sec): 1843199/3432
Max sent sequence-number: 4
UDP encapsulation used for NAT traversal: N
Status: Active
-----------------------------
IPsec policy: vpn
Sequence number: 1
Mode: ISAKMP
-----------------------------
Tunnel id: 1
Encapsulation mode: tunnel
Perfect Forward Secrecy:
Inside VPN:
Extended Sequence Numbers enable: N
Traffic Flow Confidentiality enable: N
Transmitting entity: Initiator
Path MTU: 1420
Tunnel:
local address: 10.0.0.1
remote address: 10.0.0.2
Flow:
sour addr: 192.168.3.0/255.255.255.0 port: 0 protocol: ip
dest addr: 192.168.4.0/255.255.255.0 port: 0 protocol: ip
[Inbound ESP SAs]
SPI: 73634062 (0x0463910e)
Connection ID: 4294967298
Transform set: ESP-ENCRYPT-DES-CBC ESP-AUTH-MD5
SA duration (kilobytes/sec): 1843200/3600
SA remaining duration (kilobytes/sec): 1843199/3447
Max received sequence-number: 4
Anti-replay check enable: Y
Anti-replay window size: 64
UDP encapsulation used for NAT traversal: N
Status: Active
[Outbound ESP SAs]
SPI: 3001165736 (0xb2e227a8)
Connection ID: 4294967299
Transform set: ESP-ENCRYPT-DES-CBC ESP-AUTH-MD5
SA duration (kilobytes/sec): 1843200/3600
SA remaining duration (kilobytes/sec): 1843199/3447
Max sent sequence-number: 4
UDP encapsulation used for NAT traversal: N
Status: Active
Is this missing some configuration? Following your configuration, IPsec did not come up in the simulator.
Solved, thanks
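An added example (not part of the original answer and not H3C code): a Python check that parses `display ipsec sa` output like the one in the answer, confirms that each flow in ACL 3003 has two active SAs, and flags the DES-CBC/MD5 transform set and the empty Perfect Forward Secrecy field. The names `parse_sas`, `audit`, `WEAK`, `ACL_3003` and the sample text are constructed for illustration; reading an empty PFS field as "PFS off" is an assumption.

```python
WEAK = {"DES-CBC", "MD5"}  # assumption: extend to match your crypto policy
ACL_3003 = [("192.168.1.0/255.255.255.0", "192.168.2.0/255.255.255.0"),
            ("192.168.3.0/255.255.255.0", "192.168.4.0/255.255.255.0")]
# Constructed sample: one block per flow, fields trimmed from the output above.
BLOCK = """Tunnel id: {tid}
Perfect Forward Secrecy:
sour addr: {src} port: 0 protocol: ip
dest addr: {dst} port: 0 protocol: ip
[Inbound ESP SAs]
Transform set: ESP-ENCRYPT-DES-CBC ESP-AUTH-MD5
Status: Active
[Outbound ESP SAs]
Transform set: ESP-ENCRYPT-DES-CBC ESP-AUTH-MD5
Status: Active
"""
SAMPLE = "".join(BLOCK.format(tid=i, src=s, dst=d) for i, (s, d) in enumerate(ACL_3003))

def parse_sas(text):
    """Return one dict per 'Tunnel id' block of `display ipsec sa` output."""
    tunnels = []
    for block in text.split("Tunnel id:")[1:]:
        head, *rest = block.splitlines()
        t = {"id": int(head), "pfs": "", "flow": [], "algs": set(), "active": 0}
        for line in rest:
            key, _, val = (p.strip() for p in line.partition(":"))
            if key == "Perfect Forward Secrecy":
                t["pfs"] = val
            elif key in ("sour addr", "dest addr"):
                t["flow"].append(val.split()[0])
            elif key == "Transform set":
                t["algs"].update(val.split())
            elif key == "Status" and val == "Active":
                t["active"] += 1
        tunnels.append(t)
    return tunnels

def audit(tunnels, expected_flows):
    """Report ACL flows without an SA pair, weak algorithms and missing PFS."""
    seen = {tuple(t["flow"]) for t in tunnels}
    out = [f"no SA for {s} -> {d}" for s, d in expected_flows if (s, d) not in seen]
    for t in tunnels:
        out += [f"tunnel {t['id']}: weak algorithm {a}"
                for a in sorted(t["algs"]) if a.split("-", 2)[-1] in WEAK]
        if not t["pfs"]:  # assumption: an empty field means PFS is off
            out.append(f"tunnel {t['id']}: no PFS")
        if t["active"] != 2:  # expect one inbound and one outbound SA
            out.append(f"tunnel {t['id']}: {t['active']} of 2 SAs active")
    return out

print("\n".join(audit(parse_sas(SAMPLE), ACL_3003)))
```

Run against the full output from the device, every SA in the answer would be reported for DES-CBC, MD5 and missing PFS, even though both flows are up.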
 
	 