
IPsec + NAT combination

Date: 2024-09-22 15:22:27

1. Network topology

[Figure: network topology for the IPsec + NAT combination]

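2. Key points to note

The IPsec-protected networks must be excluded from NAT translation. In ACL 3000, which is bound to nat outbound, the deny rule for site-to-site traffic comes before the permit rule, so that traffic keeps its original addresses and still matches the IPsec security ACL (3001). All other traffic from the LAN is translated.

On R1:

    acl number 3000
     rule 5 deny ip source 192.168.1.0 0.0.0.255 destination 172.16.1.0 0.0.0.255
     rule 10 permit ip source 192.168.1.0 0.0.0.255 destination any
    int g0/0/0
     nat outbound 3000

On R3 (the outbound interface in the detailed configuration is GigabitEthernet0/0/1):

    acl number 3000
     rule 5 deny ip source 172.16.1.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
     rule 10 permit ip source 172.16.1.0 0.0.0.255 destination any
    int g0/0/1
     nat outbound 3000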
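The rule ordering above can be checked mechanically. The following Python check is an added example, not part of the original post: it parses R1's two ACLs and reports any IPsec-protected flow (ACL 3001) that the NAT ACL (3000) would translate. The names parse_acls and nat_leaks are illustrative, and contiguous wildcard masks are assumed.

```python
import ipaddress
import re

# R1's ACLs as they appear in the configuration on this page.
R1_ACLS = """
acl number 3000
 rule 5 deny ip source 192.168.1.0 0.0.0.255 destination 172.16.1.0 0.0.0.255
 rule 10 permit ip source 192.168.1.0 0.0.0.255
acl number 3001
 rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 172.16.1.0 0.0.0.255
"""
# Constructed variant: the same ACLs with the NAT exemption (deny) rule left out.
R1_NO_EXEMPT = "\n".join(ln for ln in R1_ACLS.splitlines() if " deny " not in ln)

RULE = re.compile(r"rule (\d+) (permit|deny) ip(?: source (?:any|(\S+) (\S+)))?"
                  r"(?: destination (?:any|(\S+) (\S+)))?")

def net(addr, wildcard):
    """Address + contiguous wildcard -> network; missing clause or 'any' -> 0.0.0.0/0."""
    if addr is None:
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{addr}/{'32' if wildcard == '0' else wildcard}")

def parse_acls(config):
    """Return {acl_number: [(rule_id, action, src_net, dst_net)]} in rule-id order."""
    acls, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("acl number "):
            current = acls.setdefault(int(line.split()[2]), [])
        elif current is not None and (m := RULE.match(line)):
            rid, action, s, sw, d, dw = m.groups()
            current.append((int(rid), action, net(s, sw), net(d, dw)))
    return {n: sorted(r, key=lambda x: x[0]) for n, r in acls.items()}

def nat_leaks(config, nat_acl=3000, ipsec_acl=3001):
    """List (src, dst, nat_rule_id) for IPsec flows that the NAT ACL would translate."""
    acls, leaks = parse_acls(config), []
    for _, action, s, d in acls[ipsec_acl]:
        if action != "permit":
            continue
        for rid, nat_action, ns, nd in acls[nat_acl]:
            if nat_action == "deny" and s.subnet_of(ns) and d.subnet_of(nd):
                break  # the whole flow is exempted before any permit rule is reached
            if nat_action == "permit" and s.overlaps(ns) and d.overlaps(nd):
                leaks.append((str(s), str(d), rid))  # conservative: any overlap counts
                break
    return leaks

if __name__ == "__main__":
    print(nat_leaks(R1_ACLS), nat_leaks(R1_NO_EXEMPT))
```

An empty list means every protected flow is exempted from NAT. The variant without rule 5 reports the site-to-site flow as matched by NAT rule 10.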

3. Detailed configuration

R1:

    [Hub]display current-configuration
    [V200R003C00]
    #
    sysname Hub
    #
    snmp-agent local-engineid 800007DB03000000000000
    snmp-agent
    #
    clock timezone China-Standard-Time minus 08:00:00
    #
    portal local-server load flash:/portalpage.zip
    #
    drop illegal-mac alarm
    #
    wlan ac-global carrier id other ac id 0
    #
    set cpu-usage threshold 80 restore 75
    #
    acl number 3000
     rule 5 deny ip source 192.168.1.0 0.0.0.255 destination 172.16.1.0 0.0.0.255
     rule 10 permit ip source 192.168.1.0 0.0.0.255
    acl number 3001
     rule 5 permit ip source 192.168.1.0 0.0.0.255 destination 172.16.1.0 0.0.0.255
    #
    ipsec proposal huawei
     esp authentication-algorithm sha1
    #
    ipsec policy easthome 1 manual
     security acl 3001
     proposal huawei
     tunnel local 20.1.1.1
     tunnel remote 30.1.1.2
     sa spi inbound esp 54321
     sa string-key inbound esp cipher %$%$TW"<=SLc>7'I)t:iHtJ.,.2n%$%$
     sa spi outbound esp 12345
     sa string-key outbound esp cipher %$%$TW"<=SLc>7'I)t:iHtJ.,.2n%$%$
    #
    aaa
     authentication-scheme default
     authorization-scheme default
     accounting-scheme default
     domain default
     domain default_admin
     local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
     local-user admin service-type http
    #
    firewall zone Local
     priority 15
    #
    interface GigabitEthernet0/0/0
     ip address 20.1.1.1 255.255.255.0
     ipsec policy easthome
     nat outbound 3000
    #
    interface GigabitEthernet0/0/1
     ip address 192.168.1.1 255.255.255.0
    #
    interface GigabitEthernet0/0/2
    #
    interface NULL0
    #
    ip route-static 0.0.0.0 0.0.0.0 20.1.1.2
    #
    user-interface con 0
     authentication-mode password
     idle-timeout 0 0
    user-interface vty 0 4
    user-interface vty 16 20
    #
    wlan ac
    #
    return
    [Hub]

R2:

    <internet>display current-configuration
    [V200R003C00]
    #
    sysname internet
    #
    snmp-agent local-engineid 800007DB03000000000000
    snmp-agent
    #
    clock timezone China-Standard-Time minus 08:00:00
    #
    portal local-server load flash:/portalpage.zip
    #
    drop illegal-mac alarm
    #
    wlan ac-global carrier id other ac id 0
    #
    set cpu-usage threshold 80 restore 75
    #
    aaa
     authentication-scheme default
     authorization-scheme default
     accounting-scheme default
     domain default
     domain default_admin
     local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
     local-user admin service-type http
    #
    firewall zone Local
     priority 15
    #
    interface GigabitEthernet0/0/0
     ip address 30.1.1.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     ip address 20.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/2
    #
    interface NULL0
    #
    user-interface con 0
     authentication-mode password
    user-interface vty 0 4
    user-interface vty 16 20
    #
    wlan ac
    #
    return
    <internet>

R3:

    [Spoke]display current-configuration
    [V200R003C00]
    #
    sysname Spoke
    #
    snmp-agent local-engineid 800007DB03000000000000
    snmp-agent
    #
    clock timezone China-Standard-Time minus 08:00:00
    #
    portal local-server load flash:/portalpage.zip
    #
    drop illegal-mac alarm
    #
    wlan ac-global carrier id other ac id 0
    #
    set cpu-usage threshold 80 restore 75
    #
    acl number 3000
     rule 5 deny ip source 172.16.1.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
     rule 10 permit ip source 172.16.1.0 0.0.0.255
    acl number 3001
     rule 5 permit ip source 172.16.1.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
    #
    ipsec proposal huawei
     esp authentication-algorithm sha1
    #
    ipsec policy easthome 1 manual
     security acl 3001
     proposal huawei
     tunnel local 30.1.1.2
     tunnel remote 20.1.1.1
     sa spi inbound esp 12345
     sa string-key inbound esp cipher %$%$TW"<=SLc>7'I)t:iHtJ.,.2n%$%$
     sa spi outbound esp 54321
     sa string-key outbound esp cipher %$%$TW"<=SLc>7'I)t:iHtJ.,.2n%$%$
    #
    aaa
     authentication-scheme default
     authorization-scheme default
     accounting-scheme default
     domain default
     domain default_admin
     local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
     local-user admin service-type http
    #
    firewall zone Local
     priority 15
    #
    interface GigabitEthernet0/0/0
     ip address 172.16.1.1 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     ip address 30.1.1.2 255.255.255.0
     ipsec policy easthome
     nat outbound 3000
    #
    interface GigabitEthernet0/0/2
    #
    interface NULL0
    #
    ip route-static 0.0.0.0 0.0.0.0 30.1.1.1
    #
    user-interface con 0
     authentication-mode password
     idle-timeout 0 0
    user-interface vty 0 4
    user-interface vty 16 20
    #
    wlan ac
    #
    return
    [Spoke]




From: https://blog.51cto.com/u_13560030/12080641
