H3C IPSEC OVER GRE
2017-10-19 17:06
411 查看
##### Route A ################################### interface Tunnel 0 mode gre ip address 10.254.1.2255.255.255.252 source 2.2.2.2 destination 6.6.6.6 ipsec apply policy 3100 # acl advanced 3100 description IPSEC OVER GRE rule 10 permit ip source 172.23.0.0 0.0.255.255 destination 172.21.0.0 0.0.255.255 # ipsec transform-set 3100 esp encryption-algorithm 3des-cbc esp authentication-algorithm sha1 # ipsec policy 3100 1 isakmp transform-set 3100 security acl 3100 ike-profile 3100 remote-address 10.254.1.1 # ike profile 3100 keychain 3100 exchange-mode aggressive match remote identity address 10.254.1.1 255.255.255.252 proposal 3100 # ike proposal 3100 # ike keychain 3100 pre-shared-key address 10.254.1.1 0.0.0.0 key simple 8D3.qCeP # ip route-static 172.21.0.0 16 Tunnel 0 # security-zone name Untrust import interface Tunnel 0 ##### Route B ################################### interface Tunnel 0 mode gre ip address 10.254.1.1 255.255.255.252 source 6.6.6.6 destination 2.2.2.2 ipsec apply policy 3100 # ip route-static 172.23.0.016 Tunnel 0 # acl advanced 3100 description IPSEC OVER GRE rule 10 permit ip source 172.21.0.0 0.0.255.255 destination 172.23.0.0 0.0.255.255 # ipsec transform-set 3100 esp encryption-algorithm 3des-cbc esp authentication-algorithm sha1 # ipsec policy 3100 1 isakmp transform-set 3100 security acl 3100 remote-address 10.254.1.2 ike-profile 3100 # ike profile 3100 keychain 3100 exchange-mode aggressive match remote identity address 10.254.1.2 255.255.255.252 proposal 3100 # ike proposal 3100 # ike keychain 3100 pre-shared-key address 10.254.1.2 0.0.0.0 key simple 8D3.qCeP # security-zone name Untrust import interface Tunnel 0
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 