
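H3C IPsec - Aggressive Mode

2023-06-04 13:26 Author: 青松一路似相逢

【Topology】

IPsec planning diagram

【Requirements】FW3 (branch) establishes an IPsec tunnel with FW4 (headquarters 1) through a NAT device; FW3 (branch) establishes an IPsec tunnel with FW8 (headquarters 2) through a NAT device.


----------------------------------------------------Branch configuration-----------------------------------------------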

【FW1】

interface GigabitEthernet1/0/5
 ip address 1.1.1.2 255.255.255.0
 nat outbound 2000
#
interface GigabitEthernet1/0/10
 ip address 10.0.12.1 255.255.255.0
#
security-zone name Trust
 import interface GigabitEthernet1/0/10
#
security-zone name Untrust
 import interface GigabitEthernet1/0/5
#
 ip route-static 0.0.0.0 0 1.1.1.1
 ip route-static 192.168.10.0 24 10.0.12.2
#
acl basic 2000
 rule 5 permit source 10.0.12.0 0.0.0.255
#
nat policy
 rule name 5
  action easy-ip
#
security-policy ip
 rule 0 name test-any
  action pass
#

【FW3】

interface GigabitEthernet1/0/5
 ip address 10.0.12.2 255.255.255.0
 ipsec apply policy zb1policy
or
 ipsec apply policy zb2policy
#
interface GigabitEthernet1/0/10
 ip address 192.168.10.1 255.255.255.0
#
security-zone name Trust
 import interface GigabitEthernet1/0/10
#
security-zone name Untrust
 import interface GigabitEthernet1/0/5
#
 ip route-static 0.0.0.0 0 10.0.12.1
#
acl advanced 3000
 rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
 rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
#
ipsec transform-set 5
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha256
#
ipsec transform-set 10
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha256
#
ipsec policy zb1policy 5 isakmp
 transform-set 10
 security acl 3000
 remote-address 2.2.2.2
 ike-profile 10
#
ipsec policy zb2policy 5 isakmp
 transform-set 5
 security acl 3000
 remote-address 3.3.3.2
 ike-profile 5
#
ike profile 5
 keychain 5
 exchange-mode aggressive
 local-identity user-fqdn fb
 match remote identity address 3.3.3.2 255.255.255.255
 proposal 5
#
ike profile 10
 keychain 10
 exchange-mode aggressive
 local-identity user-fqdn fb
 match remote identity address 2.2.2.2 255.255.255.255
 proposal 10
#
ike proposal 5
 encryption-algorithm 3des-cbc
 dh group14
 authentication-algorithm sha256
#
ike proposal 10
 encryption-algorithm 3des-cbc
 dh group14
 authentication-algorithm sha256
#
ike keychain 5
 pre-shared-key address 3.3.3.2 255.255.255.255 key cipher $c$3$JpP3sPfDJjtOON3t7atiLT19pTaZc0X3QQ==
#
ike keychain 10
 pre-shared-key address 2.2.2.2 255.255.255.255 key cipher $c$3$RFQqv8wL0FmwZW5CEL9snwo6MJaFq5gDBg==
#
security-policy ip
 rule 0 name test-any
  action pass
#


----------------------------------------------------Headquarters 1 configuration-----------------------------------------------

【FW2】

interface GigabitEthernet1/0/5
 ip address 2.2.2.2 255.255.255.0
 nat outbound 2000
 nat server protocol udp global 2.2.2.2 500 inside 172.0.12.2 500 rule ServerRule_2
 nat server protocol udp global 2.2.2.2 4500 inside 172.0.12.2 4500 rule ServerRule_3
 nat server protocol 50 global 2.2.2.2 inside 172.0.12.2 rule ServerRule_1
#
interface GigabitEthernet1/0/10
 ip address 172.0.12.1 255.255.255.0
#
security-zone name Trust
 import interface GigabitEthernet1/0/10
#
security-zone name Untrust
 import interface GigabitEthernet1/0/5
#
 ip route-static 0.0.0.0 0 2.2.2.1
 ip route-static 192.168.20.0 24 172.0.12.2
#
acl basic 2000
 rule 5 permit source 172.0.12.0 0.0.0.255
#
security-policy ip
 rule 0 name test-any
  action pass
#


【FW4】

interface GigabitEthernet1/0/5
 port link-mode route
 combo enable copper
 ip address 172.0.12.2 255.255.255.0
 ipsec apply policy fbpolicy1
#
interface GigabitEthernet1/0/10
 port link-mode route
 combo enable copper
 ip address 192.168.20.1 255.255.255.0
#
security-zone name Trust
 import interface GigabitEthernet1/0/10
#
security-zone name Untrust
 import interface GigabitEthernet1/0/5
#
 ip route-static 0.0.0.0 0 172.0.12.1
#
acl advanced 3000
 rule 5 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
#
ipsec transform-set 10
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha256
#
ipsec policy-template fbpolicy 5
 transform-set 10
 security acl 3000
 ike-profile 10
#
ipsec policy fbpolicy1 5 isakmp template fbpolicy
#
ike profile 10
 keychain 10
 exchange-mode aggressive
 match remote identity user-fqdn fb
 proposal 10
#
ike proposal 10
 encryption-algorithm 3des-cbc
 dh group14
 authentication-algorithm sha256
#
ike keychain 10
 pre-shared-key hostname fb key cipher $c$3$jy74ZpWrbna/X8mV5+JgWknoKqSrnftSxQ==
#
security-policy ip
 rule 0 name test-any
  action pass
#


----------------------------------------------------Headquarters 2 configuration-----------------------------------------------

【FW8】

interface GigabitEthernet1/0/5
 ip address 3.3.3.2 255.255.255.0
 ipsec apply policy fbpolicy1
#
interface GigabitEthernet1/0/10
 ip address 192.168.30.1 255.255.255.0
#
security-zone name Trust
 import interface GigabitEthernet1/0/10
#
security-zone name Untrust
 import interface GigabitEthernet1/0/5
#
 ip route-static 0.0.0.0 0 3.3.3.1
#
acl advanced 3000
 rule 5 permit ip source 192.168.30.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
#
ipsec transform-set 5
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha256
#
ipsec policy-template fbpolicy 5
 transform-set 5
 security acl 3000
 ike-profile 5
#
ipsec policy fbpolicy1 5 isakmp template fbpolicy
#
ike profile 5
 keychain 5
 exchange-mode aggressive
 match remote identity user-fqdn fb
 proposal 5
#
ike proposal 5
 encryption-algorithm 3des-cbc
 dh group14
 authentication-algorithm sha256
#
ike keychain 5
 pre-shared-key hostname fb key cipher $c$3$teL4sOn7Lb5MHZaqJMQK0gNmybAgBbdc2Q==
#
security-policy ip
 rule 0 name test-any
  action pass
#


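【Verification】

Branch to headquarters 1

Apply the headquarters 1 IPsec policy on the branch's outbound interface
Private-network traffic passes in both directions


Branch to headquarters 2

Apply the headquarters 2 IPsec policy on the branch's outbound interface
Private-network traffic passes in both directions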
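
A small audit for configurations like the ones above, as an added example that is not part of the original post: it parses the section layout, reports any transform-set, ike-profile, keychain or proposal reference that has no matching section, and lists the 3DES and IKEv1 aggressive-mode settings for review. The parse and audit helpers and the finding labels are hypothetical names; the sample input is an excerpt of the FW3 block with the key replaced by a placeholder.

```python
# Excerpt of the FW3 configuration shown on this page; the key is a placeholder.
FW3 = """\
ipsec transform-set 10
 esp encryption-algorithm 3des-cbc
#
ipsec policy zb1policy 5 isakmp
 transform-set 10
 ike-profile 10
#
ike profile 10
 keychain 10
 exchange-mode aggressive
 proposal 10
#
ike proposal 10
 encryption-algorithm 3des-cbc
#
ike keychain 10
 pre-shared-key address 2.2.2.2 255.255.255.255 key cipher <placeholder>
"""

# Child keyword -> prefix of the section header it must resolve to.
REFS = {"transform-set": "ipsec transform-set", "ike-profile": "ike profile",
        "keychain": "ike keychain", "proposal": "ike proposal"}
REVIEW = {"3des-cbc": "3DES cipher", "exchange-mode aggressive": "IKEv1 aggressive mode"}

def parse(text):
    """Map each top-level section header to its list of stripped child lines."""
    sections, body = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "#"):
            continue
        if not line[0].isspace():
            body = sections.setdefault(line.strip(), [])
        elif body is not None:
            body.append(line.strip())
    return sections

def audit(text):
    """Return (section, finding) pairs: dangling references and settings to review."""
    sec, out = parse(text), []
    for header, body in sec.items():
        for child in body:
            key, _, name = child.partition(" ")
            if key in REFS and f"{REFS[key]} {name}" not in sec:
                out.append((header, f"dangling {key} {name}"))
            out += [(header, note) for frag, note in REVIEW.items() if frag in child]
    return out
```

3DES is a deprecated cipher, and aggressive mode with a pre-shared key exposes an authentication hash that can be guessed offline, so a production deployment would normally move to AES and IKEv2.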

