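H3C MSR20 Series Router IPsec VPN Configuration
An example IPsec VPN configuration for an H3C MSR20 series router. The local end connects over ADSL and the peer has a fixed IP address; the peer's configuration is identical except for the IKE names and the direction of the ACL data flows.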
version 5.20, Release 2207P02, Basic
#
sysname testvpn
#
ike local-name testvpn
ike sa keepalive-timer timeout 28800
#
domain default enable system
#
telnet server enable
#
dar p2p signature-file cfa0:/d
#
port-security enable
#
acl number 3001 name nat
rule 0 deny ip source 192.168.2.0 0.0.0.255 destination 192.168.0.0 0.0.0.255 (on the peer, swap the two IP address ranges)
rule 20 permit ip source 192.168.2.94 0 (internal addresses allowed through NAT, i.e. the IPs that may reach the Internet)
rule 30 permit ip source 192.168.2.80 0
acl number 3026
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.0 0.0.0.255 (defines the data flow for the VPN tunnel; on the peer, swap the two IP address ranges)
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
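ike peer testvpn (configure the IKE peer)
exchange-mode aggressive (aggressive mode)
pre-shared-key cipher nWUE29323vCRHSJ19231231hkSNpRHtg== (pre-shared key)
id-type name (ID type is name)
remote-name testpeer (remote IKE name)
remote-address 202.106.0.20 (because the local end gets a dynamic IP address over ADSL, the peer only needs to specify this end's IKE name and does not need to specify a remote IP address)
local-name testvpn (local IKE name)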
nat traversal (NAT traversal)
#
ipsec proposal testvpn
#
ipsec policy testvpn 10 isakmp
security acl 3026 (the ACL to match)
pfs dh-group1
ike-peer testvpn (IKE peer name)
proposal testvpn (IPsec security proposal name)
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher .]@QWEUSEWEW=B,53Q123=^Q`M12DAAF4<1!!
authorization-attribute level 3
service-type telnet
service-type web
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
#
interface Dialer1 (configure the PPPoE dialer interface)
nat outbound 3001
link-protocol ppp
ppp pap local-user 9009239392939 password cipher )^6G123G6S032316;R3Q=^Q`MAF4<1!!
mtu 1450
ip address ppp-negotiate
tcp mss 1024
dialer user admin
dialer-group 1
dialer bundle 1
ipsec policy testvpn
#
interface Ethernet0/0
port link-mode route
description inside
ip address 192.168.2.1 255.255.255.0
#
interface Ethernet0/1
port link-mode route
description outside
pppoe-client dial-bundle-number 1
tcp mss 1024
ip address dhcp-alloc
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
#
ssh server enable
#
load xml-configuration
#
user-interface con 0
user-interface tty 13
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
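
An added example, not part of the original page or of any H3C tooling: a small Python audit of the IPsec-related settings in the configuration above. It flags IKE aggressive mode, PFS with DH group 1, an "ipsec proposal" that sets no transform, and a NAT ACL that does not exempt the VPN flow before its first permit rule. The finding codes, function names and SAMPLE text are this example's own.

```python
import re

# Constructed sample: a trimmed copy of this page's configuration, secrets omitted.
SAMPLE = """\
acl number 3001 name nat
 rule 0 deny ip source 192.168.2.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
 rule 20 permit ip source 192.168.2.94 0
acl number 3026
 rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
ike peer testvpn
 exchange-mode aggressive
ipsec proposal testvpn
#
ipsec policy testvpn 10 isakmp
 security acl 3026
 pfs dh-group1
interface Dialer1
 nat outbound 3001
"""

WEAK = {"exchange-mode aggressive": "IKE_AGGRESSIVE_MODE",  # IDs and PSK hash sent unencrypted
        "pfs dh-group1": "PFS_DH_GROUP1"}                   # 768-bit MODP group

def acl_rules(lines):  # -> {acl_number: [(action, flow), ...]} in rule order
    acls, cur = {}, None
    for line in lines:
        if m := re.match(r"acl number (\d+)", line):
            cur = acls.setdefault(m.group(1), [])
        elif cur is not None and (r := re.match(r"rule \d+ (permit|deny) (.+)", line)):
            cur.append((r.group(1), r.group(2)))
        elif not line.startswith("rule"):
            cur = None  # any other command ends the ACL view
    return acls

def audit(config):
    """Return sorted finding codes (names are this example's own)."""
    lines = [l.strip() for l in config.splitlines()]
    acls = acl_rules(lines)
    found = {code for cmd, code in WEAK.items() if cmd in lines}
    if any(a.startswith("ipsec proposal ") and b == "#" for a, b in zip(lines, lines[1:])):
        found.add("IPSEC_PROPOSAL_DEFAULTS")  # no transform set: device defaults apply
    # Each flow the IPsec ACL permits must be denied in the NAT ACL before its first permit.
    for nat in re.findall(r"nat outbound (\d+)", config):
        rules = acls.get(nat, [])
        cut = next((i for i, r in enumerate(rules) if r[0] == "permit"), len(rules))
        for vpn in re.findall(r"security acl (\d+)", config):
            if any(a == "permit" and ("deny", f) not in rules[:cut] for a, f in acls.get(vpn, [])):
                found.add("NAT_EXEMPTION_MISSING")
    return sorted(found)
```

The flow comparison is an exact string match, so the inline annotations shown on this page must be stripped from rule lines before a real configuration is checked.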