点到多点
总部:
ipsec transform-set zongbu
esp encryption-algorithm des-cbc
esp authentication-algorithm md5
#
ipsec policy-template zongbu 1
transform-set zongbu
security acl 3000
ike-profile zongbu
#
ipsec policy zongbu 1 isakmp template zongbu
#
ike profile zongbu
keychain zongbu
exchange-mode aggressive
local-identity fqdn zongbu
match remote identity fqdn fenbu
#
#
ike keychain zongbu
pre-shared-key hostname fenbu key simple 123456
interface GigabitEthernet0/1
ipsec apply policy zongbu
分部:
ipsec transform-set fenbu
esp encryption-algorithm des-cbc
esp authentication-algorithm md5
#
ipsec policy fenbu 1 isakmp
transform-set fenbu
security acl 3000
remote-address 61.128.1.1
ike-profile fenbu
#
ike identity fqdn fenbu
#
ike profile fenbu
keychain fenbu
exchange-mode aggressive
local-identity fqdn fenbu
match remote identity fqdn zongbu
#
ike keychain fenbu
pre-shared-key address 61.128.1.1 255.255.255.255 key simple 123456
interface GigabitEthernet0/0
ipsec apply policy fenbu
点到点
感兴趣流
acl advanced 3000
rule 5 permit ip source 172.16.1.0 0.0.0.255 destination 10.1.1.0 0.0.0.255(需要变化)
ipsec transform-set IPSEC
esp encryption-algorithm 3des-cbc
esp authentication-algorithm md5
pfs dh-group2
ipsec policy IPSEC 1 isakmp
transform-set IPSEC
security acl name IPSEC
local-address 192.168.11.210(需要变化)
remote-address 106.120.246.2(需要变化)
ike-profile IPSEC
ike profile IPSEC
keychain IPSEC
local-identity address 192.168.11.210(需要变化)
match remote identity address 106.120.246.2 255.255.255.255(需要变化)
proposal 1
ike proposal 1
encryption-algorithm 3des-cbc
dh group2
authentication-algorithm md5
ike keychain IPSEC
pre-shared-key address 106.120.246.2 255.255.255.255 key simple 123456(需要变化)
