
IPSec Configuration Lab

Date: 2022-12-10 18:23:36

Lab topology

The IPSec lab topology is shown below:

Approach

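  • Configure IP addresses
  • Configure routes
  • Define interesting traffic
  • Configure the IPSec security proposal
  • Configure the IPSec policy
  • Apply the IPSec security policy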

1. Configure the IP addresses on the interfaces (steps omitted).

2. Configure routes

Configure static routes on RouterA

[RouterA]ip route-static 2.1.1.0 24 1.1.1.2
[RouterA]ip route-static 10.1.2.0 24 1.1.1.2

Configure static routes on RouterB

[RouterB]ip route-static 10.1.1.0 255.255.255.0 2.1.1.2
[RouterB]ip route-static 1.1.1.0 255.255.255.0 2.1.1.2

Configure static routes on the Internet router

ip route-static 10.1.2.0 255.255.255.0 2.1.1.1
ip route-static 10.1.1.0 255.255.255.0 1.1.1.1

3. Define interesting traffic

Configure the interesting-traffic ACL on RouterA

[RouterA]acl 3101
[RouterA-acl-adv-3101]rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255

Configure the interesting-traffic ACL on RouterB

[Huawei]acl 3101
[Huawei-acl-adv-3101]rule 5 permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255

4. Configure the IPSec security proposal

RouterA

[RouterA]ipsec proposal tran1
[RouterA-ipsec-proposal-tran1]encapsulation-mode tunnel 
[RouterA-ipsec-proposal-tran1]esp authentication-algorithm sha2-256
[RouterA-ipsec-proposal-tran1]esp encryption-algorithm aes-128 

RouterB

[RouterB]ipsec proposal tran1
[RouterB-ipsec-proposal-tran1]encapsulation-mode tunnel 
[RouterB-ipsec-proposal-tran1]esp authentication-algorithm sha2-256
[RouterB-ipsec-proposal-tran1]esp encryption-algorithm aes-128 

5. Configure the IPSec policy

RouterA

[RouterA]ipsec policy map1 10 manual
[RouterA-ipsec-policy-manual-map1-10]security acl 3101
[RouterA-ipsec-policy-manual-map1-10]proposal tran1
[RouterA-ipsec-policy-manual-map1-10]tunnel local 1.1.1.1
[RouterA-ipsec-policy-manual-map1-10]tunnel remote 2.1.1.1
[RouterA-ipsec-policy-manual-map1-10]sa spi inbound esp 54321
[RouterA-ipsec-policy-manual-map1-10]sa string-key inbound esp cipher Huawei
[RouterA-ipsec-policy-manual-map1-10]sa spi outbound esp 54321
[RouterA-ipsec-policy-manual-map1-10]sa string-key outbound esp cipher Huawei

RouterB

[RouterB]ipsec policy use1 10 manual
[RouterB-ipsec-policy-manual-use1-10]security acl 3101
[RouterB-ipsec-policy-manual-use1-10]proposal tran1
[RouterB-ipsec-policy-manual-use1-10]tunnel local 2.1.1.1
[RouterB-ipsec-policy-manual-use1-10]tunnel remote 1.1.1.1
[RouterB-ipsec-policy-manual-use1-10]sa spi inbound esp 54321
[RouterB-ipsec-policy-manual-use1-10]sa string-key inbound esp cipher Huawei
[RouterB-ipsec-policy-manual-use1-10]sa spi outbound esp 54321
[RouterB-ipsec-policy-manual-use1-10]sa string-key outbound esp cipher Huawei

6. Apply the IPSec security policy

RouterA

[RouterA]interface GigabitEthernet 0/0/0
[RouterA-GigabitEthernet0/0/0]ipsec policy map1

RouterB

[RouterB]interface GigabitEthernet 0/0/0
[RouterB-GigabitEthernet0/0/0]ipsec policy use1 
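
A consistency check for the manual policies built in steps 3 to 5, as an added example that is not part of the original post: with manual SAs nothing is negotiated, so each peer's tunnel addresses, SPIs and ACL must mirror the other's and the proposals must match. The sample configs are constructed from this lab's values and assume RouterB's public address is 2.1.1.1 (the next hop the Internet router uses toward 10.1.2.0/24); `parse` and `mismatches` are hypothetical helper names.

```python
import re

# Constructed sample: this lab's values, assuming RouterB's WAN address is 2.1.1.1.
ROUTER_A = """
rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-128
tunnel local 1.1.1.1
tunnel remote 2.1.1.1
sa spi inbound esp 54321
sa spi outbound esp 54321
"""
ROUTER_B = """
rule 5 permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-128
tunnel local 2.1.1.1
tunnel remote 1.1.1.1
sa spi inbound esp 54321
sa spi outbound esp 54321
"""

PROPOSAL = ("esp authentication-algorithm", "esp encryption-algorithm")
SPI_IN, SPI_OUT = "sa spi inbound esp", "sa spi outbound esp"
FIELDS = PROPOSAL + ("tunnel local", "tunnel remote", SPI_IN, SPI_OUT)

def parse(cfg):
    """Collect the settings that have to agree between the two peers."""
    out = dict.fromkeys(FIELDS + ("acl",))
    for line in cfg.splitlines():
        line = line.split("]")[-1].strip()  # drop a [RouterA-...] prompt if pasted
        for field in FIELDS:
            if line.startswith(field + " "):
                out[field] = line[len(field):].strip()
        if m := re.match(r"rule \d+ permit ip source (\S+ \S+) destination (\S+ \S+)", line):
            out["acl"] = m.groups()
    return out

def mismatches(cfg_a, cfg_b):
    """Return the list of inconsistencies between two manual-SA peers."""
    a, b = parse(cfg_a), parse(cfg_b)
    bad = [f"{f} differs" for f in PROPOSAL if a[f] != b[f]]
    if (a["tunnel local"], a["tunnel remote"]) != (b["tunnel remote"], b["tunnel local"]):
        bad.append("tunnel local/remote are not mirrored")
    if (a[SPI_IN], a[SPI_OUT]) != (b[SPI_OUT], b[SPI_IN]):
        bad.append("inbound SPI must equal the peer's outbound SPI")
    if not a["acl"] or a["acl"] != (b["acl"] or ())[::-1]:
        bad.append("interesting-traffic ACLs are not mirror images")
    return bad
```

Manual SAs are never renegotiated, so rerun the check whenever an SPI, key or tunnel address is edited by hand on either router.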

Reference: https://copyfuture.com/blogs-details/20200213183253997vax17yv4xnrzcwx

From: https://www.cnblogs.com/longlyseul/p/16972031.html
