HCIP-IPsec2



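1. Create the security proposal and security policy
A security proposal is a scheme for encrypting and authenticating data (authentication algorithm, encryption algorithm, tunnel encapsulation mode, IKE version, authentication password, and so on).
AH: can only be used for authentication and integrity checking.
ESP: can be used for authentication and integrity checking, and also for data encryption.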

[R4]ipsec proposal abc   //Create proposal abc

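Default encapsulation: by default the proposal uses ESP with tunnel-mode encapsulation; the authentication algorithm is MD5-HMAC-96 and the encryption algorithm is DES.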


[R4]ike proposal 5


[R4]ike peer Beijing v2
[R4-ike-peer-Beijing]pre-shared-key cipher huawei    //Set the password to huawei
[R4-ike-peer-Beijing]ike-proposal 5
[R4]ipsec profile To_Beijing
[R4-ipsec-profile-To_Beijing]ike-peer Beijing 
[R4-ipsec-profile-To_Beijing]proposal abc

[R4]ike peer Shanghai v2
[R4-ike-peer-Shanghai]pre-shared-key cipher huawei
[R4-ike-peer-Shanghai]ike-proposal 5
[R4-ike-peer-Shanghai]quit
[R4]ipsec profile To_Shanghai
[R4-ipsec-profile-To_Shanghai]ike-peer Shanghai
[R4-ipsec-profile-To_Shanghai]proposal abc


[R4]ike peer Zongbu v2
[R4-ike-peer-Zongbu]pre-shared-key cipher huawei
[R4-ike-peer-Zongbu]ike-proposal 5
[R4-ike-peer-Zongbu]quit
[R4]ipsec profile To_Zongbu
[R4-ipsec-profile-To_Zongbu]ike-peer Zongbu 
[R4-ipsec-profile-To_Zongbu]proposal abc
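
An added example (not from the original post): a small Python audit of the R4 commands above that flags an IPsec proposal left on the defaults the post names (MD5-HMAC-96 and DES, both obsolete) and a pre-shared key reused across several IKE peers. The `audit` function and the embedded sample text are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the R4 commands shown on this page.
SAMPLE = """\
[R4]ipsec proposal abc   //Create proposal abc
[R4]ike proposal 5
[R4]ike peer Beijing v2
[R4-ike-peer-Beijing]pre-shared-key cipher huawei
[R4-ike-peer-Beijing]ike-proposal 5
[R4]ike peer Shanghai v2
[R4-ike-peer-Shanghai]pre-shared-key cipher huawei
[R4]ike peer Zongbu v2
[R4-ike-peer-Zongbu]pre-shared-key cipher huawei
"""

# "[device]cmd" or "[device-view]cmd"; assumes the device name has no hyphen.
PROMPT = re.compile(r"^\[(?P<dev>[^\]-]+)(?:-(?P<view>[^\]]+))?\](?P<cmd>.*)$")

def audit(text):
    """Return sorted findings: default-algorithm proposals and reused PSKs."""
    proposals = {}                 # (device, proposal) -> explicit esp line seen
    psk_users = defaultdict(set)   # (device, key) -> names of peers using it
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        dev, view = m["dev"], m["view"] or ""
        words = m["cmd"].split("//")[0].split()   # drop trailing // comment
        if not view and words[:2] == ["ipsec", "proposal"] and len(words) >= 3:
            proposals.setdefault((dev, words[2]), False)
        elif view.startswith("ipsec-proposal-") and words[:1] == ["esp"]:
            # Any explicit "esp ..." line in the proposal view overrides a default.
            proposals[(dev, view[len("ipsec-proposal-"):])] = True
        elif (view.startswith("ike-peer-") and len(words) >= 3
              and words[:2] == ["pre-shared-key", "cipher"]):
            psk_users[(dev, words[2])].add(view[len("ike-peer-"):])
    findings = []
    for (dev, name), explicit in proposals.items():
        if not explicit:
            findings.append(
                f"{dev}: ipsec proposal {name} uses defaults (MD5-HMAC-96 / DES)")
    for (dev, _key), peers in psk_users.items():   # key value is never reported
        if len(peers) > 1:
            findings.append(
                f"{dev}: one pre-shared key shared by peers {', '.join(sorted(peers))}")
    return sorted(findings)
```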


2. Create the GRE tunnel interfaces and apply the IPsec VPN profile to each tunnel interface

[R2]ipsec proposal abc
[R2-ipsec-proposal-abc]quit
[R2]ike proposal 5
[R2-ike-proposal-5]quit

[R2]ike peer Zongbu v2
[R2-ike-peer-Zongbu]pre-shared-key cipher huawei
[R2-ike-peer-Zongbu]ike-proposal 5
[R2-ike-peer-Zongbu]quit

[R2]ike peer Shanghai v2
[R2-ike-peer-Shanghai]pre-shared-key cipher huawei
[R2-ike-peer-Shanghai]ike-proposal 5
[R2-ike-peer-Shanghai]quit

[R2]ike peer Shenzhen v2
[R2-ike-peer-Shenzhen]pre-shared-key cipher huawei
[R2-ike-peer-Shenzhen]ike-proposal 5
[R2-ike-peer-Shenzhen]quit

[R2]ipsec profile To_Zongbu
[R2-ipsec-profile-To_Zongbu]ike-peer Zongbu
[R2-ipsec-profile-To_Zongbu]proposal abc

[R2]ipsec profile To_Shanghai
[R2-ipsec-profile-To_Shanghai]ike-peer Shanghai
[R2-ipsec-profile-To_Shanghai]proposal abc
[R2-ipsec-profile-To_Shanghai]quit

[R2]ipsec profile To_Shenzhen
[R2-ipsec-profile-To_Shenzhen]ike-peer Shenzhen
[R2-ipsec-profile-To_Shenzhen]proposal abc

[R2]interface tunnel 0/0/0
[R2-Tunnel0/0/0]tunnel-protocol gre
[R2-Tunnel0/0/0]source g0/0/0
[R2-Tunnel0/0/0]destination 15.1.1.2
[R2-Tunnel0/0/0]ip add 192.168.25.2 24
[R2-Tunnel0/0/0]ipsec profile To_Zongbu

[R2]interface tunnel 0/0/1
[R2-Tunnel0/0/1]tunnel-protocol gre
[R2-Tunnel0/0/1]source g0/0/0
[R2-Tunnel0/0/1]destination 13.1.1.2
[R2-Tunnel0/0/1]ip add 192.168.23.2 24
[R2-Tunnel0/0/1]ipsec profile To_Shanghai
[R2-Tunnel0/0/1]quit

[R2]interface tunnel 0/0/2
[R2-Tunnel0/0/2]tunnel-protocol gre
[R2-Tunnel0/0/2]source g0/0/0
[R2-Tunnel0/0/2]destination 14.1.1.2 
[R2-Tunnel0/0/2]ip add 192.168.24.2 24
[R2-Tunnel0/0/2]ipsec profile To_Shenzhen


[R3]ipsec proposal abc
[R3-ipsec-proposal-abc]quit
[R3]ike proposal 5
[R3-ike-proposal-5]quit
[R3]ike peer Beijing v2
[R3-ike-peer-Beijing]pre-shared-key cipher huawei
[R3-ike-peer-Beijing]ike-proposal 5
[R3-ike-peer-Beijing]quit
[R3]ike peer Zongbu v2
[R3-ike-peer-Zongbu]pre-shared-key cipher huawei
[R3-ike-peer-Zongbu]ike-proposal 5
[R3-ike-peer-Zongbu]quit
[R3]ike peer Shenzhen v2
[R3-ike-peer-Shenzhen]pre-shared-key cipher huawei
[R3-ike-peer-Shenzhen]ike-proposal 5
[R3-ike-peer-Shenzhen]quit
[R3]ipsec profile To_Zongbu
[R3-ipsec-profile-To_Zongbu]ike-peer Zongbu
[R3-ipsec-profile-To_Zongbu]proposal abc
[R3-ipsec-profile-To_Zongbu]quit
[R3]ipsec profile To_Beijing 
[R3-ipsec-profile-To_Beijing]ike-peer Beijing
[R3-ipsec-profile-To_Beijing]proposal abc
[R3-ipsec-profile-To_Beijing]quit
[R3]ipsec profile To_Shenzhen
[R3-ipsec-profile-To_Shenzhen]ike-peer Shenzhen
[R3-ipsec-profile-To_Shenzhen]proposal abc

[R3]interface tunnel 0/0/0
[R3-Tunnel0/0/0]tunnel-protocol gre
[R3-Tunnel0/0/0]source g0/0/0
[R3-Tunnel0/0/0]destination 15.1.1.2
[R3-Tunnel0/0/0]ip add 192.168.35.3 24
[R3-Tunnel0/0/0]ipsec profile To_Zongbu
[R3-Tunnel0/0/0]quit
[R3]interface tunnel 0/0/1
[R3-Tunnel0/0/1]tunnel-protocol gre
[R3-Tunnel0/0/1]source g0/0/0
[R3-Tunnel0/0/1]destination 12.1.1.2
[R3-Tunnel0/0/1]ip add 192.168.23.3 24
[R3-Tunnel0/0/1]ipsec profile To_Beijing
[R3-Tunnel0/0/1]quit
[R3]interface tunnel 0/0/2
[R3-Tunnel0/0/2]tunnel-protocol gre
[R3-Tunnel0/0/2]source g0/0/0
[R3-Tunnel0/0/2]destination 14.1.1.2
[R3-Tunnel0/0/2]ip add 192.168.34.3 24
[R3-Tunnel0/0/2]ipsec profile To_Shenzhen


[R4]interface Tunnel 0/0/0
[R4-Tunnel0/0/0]tunnel-protocol gre
[R4-Tunnel0/0/0]source GigabitEthernet 0/0/0
[R4-Tunnel0/0/0]destination 15.1.1.2
[R4-Tunnel0/0/0]ip add 192.168.45.4 24
[R4-Tunnel0/0/0]ipsec profile To_Zongbu


[R4]interface Tunnel 0/0/1
[R4-Tunnel0/0/1]tunnel-protocol gre
[R4-Tunnel0/0/1]source g 0/0/0
[R4-Tunnel0/0/1]destination 12.1.1.2
[R4-Tunnel0/0/1]ip add 192.168.24.4 24
[R4-Tunnel0/0/1]ipsec profile To_Beijing


[R4]interface tunnel 0/0/2
[R4-Tunnel0/0/2]tunnel-protocol gre
[R4-Tunnel0/0/2]source g0/0/0
[R4-Tunnel0/0/2]destination 13.1.1.2
[R4-Tunnel0/0/2]ip add 192.168.34.4 24
[R4-Tunnel0/0/2]ipsec profile To_Shanghai

3. OSPF configuration

[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 192.168.23.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 192.168.24.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 192.168.25.0 0.0.0.255


[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 192.168.23.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 192.168.34.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 192.168.35.0 0.0.0.255


[R4]ospf 1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 192.168.24.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 192.168.34.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]network 192.168.45.0 0.0.0.255
