IPsec实验:
拓扑图如图所示:
路由器配置命令:
AR1:
system-view
sysname ISP
interface g0/0/0
ip address 6.6.6.2 29
interface g0/0/1
ip address 16.16.16.2 29
AR2:
system-view
sysname CQ
interface g0/0/0
ip address 6.6.6.1 29
interface g0/0/2
ip address 192.168.6.254 24
ip route-static 0.0.0.0 0.0.0.0 6.6.6.2
ipsec proposal CQ
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm 3des
ipsec policy CQ-SH 10 manual
security acl 3000
proposal CQ
tunnel local 6.6.6.1
tunnel remote 16.16.16.1
sa spi inbound esp 123456
sa spi outbound esp 654321
sa string-key inbound esp cipher connie
sa string-key outbound esp cipher susan
interface g0/0/0
ipsec policy CQ-SH
acl 3000
rule 5 permit ip source 192.168.6.0 0.0.0.255 destination 192.168.16.0 0.0.0.255
AR3:
system-view
sysname SH
interface g0/0/1
ip address 16.16.16.1 29
interface g0/0/2
ip address 192.168.16.254 24
ip route-static 0.0.0.0 0.0.0.0 16.16.16.2
ipsec proposal SH
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm 3des
ipsec policy SH-CQ 10 manual
security acl 3000
proposal SH
tunnel local 16.16.16.1
tunnel remote 6.6.6.1
sa spi outbound esp 123456
sa spi inbound esp 654321
sa string-key outbound esp cipher connie
sa string-key inbound esp cipher susan
interface g0/0/1
ipsec policy SH-CQ
acl 3000
rule 5 permit ip source 192.168.16.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
两个PC机的配置:
测试连通性:
菜菜的代码,希望能够帮助到你哟!