ipsec實驗:
拓撲圖如圖所示:
路由器配置命令:
ar1:
system-view
sysname isp
inte***ce g0/0/0
ip address 6.6.6.2 29
inte***ce g0/0/1
ip address 16.16.16.2 29
ar2:
system-view
sysname cq
inte***ce g0/0/0
ip address 6.6.6.1 29
inte***ce g0/0/2
ip address 192.168.6.254 24
ip route-static 0.0.0.0 0.0.0.0 6.6.6.2
ipsec proposal cq
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm 3des
ipsec policy cq-sh 10 manual
security acl 3000
proposal cq
tunnel local 6.6.6.1
tunnel remote 16.16.16.1
sa spi inbound esp 123456
sa spi outbound esp 654321
sa string-key inbound esp cipher connie
sa string-key outbound esp cipher susan
inte***ce g0/0/0
ipsec policy cq-sh
acl 3000
rule 5 permit ip source 192.168.6.0 0.0.0.255 destination 192.168.16.0 0.0.0.255
ar3:
system-view
sysname sh
inte***ce g0/0/1
ip address 16.16.16.1 29
inte***ce g0/0/2
ip address 192.168.16.254 24
ip route-static 0.0.0.0 0.0.0.0 16.16.16.2
ipsec proposal sh
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm 3des
ipsec policy sh-cq 10 manual
security acl 3000
proposal sh
tunnel local 16.16.16.1
tunnel remote 6.6.6.1
sa spi outbound esp 123456
sa spi inbound esp 654321
sa string-key outbound esp cipher connie
sa string-key inbound esp cipher susan
inte***ce g0/0/1
ipsec policy sh-cq
acl 3000
rule 5 permit ip source 192.168.16.0 0.0.0.255 destination 192.168.6.0 0.0.0.255
測試連通性:
菜菜的**,希望能夠幫助到你喲!
實驗名稱 IPSec
system view 進系統檢視 enter system view,return user view with ctrl z.huawei sysname ar 1 修改主機名為ar 1 ar 1 int g0 0 0 進介面 ar 1 gigabitethernet0 0 0 ip addre...
簡單ipsec實驗
簡單ipsec實驗 實驗拓撲 需求如上圖 第一步先配置好各裝置的ip位址,然後分別在r1 r3分別配置一條靜態路由使網路可達 第二步再配置acl,來選擇出需要進行ipsec處理的興趣流 r1 acl adv 3000 rule permit ip source 192.168.10.0 0.0.0....
雲計算專業防火牆混合模式應用實驗
雲計算專業防火牆混合模式應用實驗 實驗要求如下 1.防火牆和路由器執行ospf 2.防火牆可以ping通主機和伺服器 3.pc1和pc2可以互訪 4.pc1和pc2可以訪問ftp,但ftp不能主動訪問pc1和pc2 5.裝置名都要配置為自己名字,ip位址和vlan規劃與學號有關。拓撲圖如下 配置命令...