华为IPsec VPN隧道配置

IPsec VPN隧道配置拓扑: R1---R2---R3

------------------------------------------R1配置-----------------------------------------------------------------

步骤一：定义IKE协商参数

[Huawei]ike proposal 1

[Huawei-ike-proposal-1]encryption-algorithm 3des-cbc

[Huawei-ike-proposal-1]authentication-algorithm md5

[Huawei-ike-proposal-1]dh group1

[Huawei]ike peer R3 v1

[Huawei-ike-peer-R3]exchange-mode main

[Huawei-ike-peer-R3]pre-shared-key simple huawei

[Huawei-ike-peer-R3]local-address 12.1.1.1

[Huawei-ike-peer-R3]remote-address 23.1.1.3

步骤二：定义ipsec安全协商参数

[Huawei]ipsec proposal ic

[Huawei-ipsec-proposal-ic] transform esp

[Huawei-ipsec-proposal-ic]encapsulation-mode tunnel

[Huawei-ipsec-proposal-ic]esp authentication-algorithm sha1

[Huawei-ipsec-proposal-ic]esp encryption-algorithm aes-128

步骤三：定义感兴趣流

[Huawei]acl number 3000

[Huawei-acl-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255

步骤四：关联步骤三和步骤二

[Huawei]ipsec policy P1 10 isakmp

[Huawei-ipsec-policy-manual-P1-10]security acl 3000

[Huawei-ipsec-policy-manual-P1-10]proposal ic

[Huawei-ipsec-policy-isakmp-P1-10]ike-peer R3

步骤五：调用到接口

[Huawei]inter g0/0/0

[Huawei-g0/0/0]ipsec policy P1

------------------------------------------R3配置-----------------------------------------------------------------

步骤一：定义IKE协商参数 [Huawei]ike proposal 1

[Huawei-ike-proposal-1]encryption-algorithm 3des-cbc

[Huawei-ike-proposal-1]authentication-algorithm md5

[Huawei-ike-proposal-1]dh group1 [Huawei]ike peer R1 v1

[Huawei-ike-peer-R1]exchange-mode main

[Huawei-ike-peer-R1]pre-shared-key simple huawei

[Huawei-ike-peer-R1]local-address 23.1.1.3

[Huawei-ike-peer-R1]remote-address 12.1.1.1