一:目的:100.1.1.1与200.1.1.2建立ipsec隧道。
二:配置基本命令1 配置acl :[MSR_1]acl advanced 3000[MSR_1-acl-ipv4-adv-3000]rule permit ip source 192.168.0.1 0 destination 10.0.0.1 02创建IPsec安全提议[MSR_1]ipsec transform-set tran[MSR_1-ipsec-transform-set-tran]encapsulation-mode tunnel[MSR_1-ipsec-transform-set-tran]protocol esp[MSR_1-ipsec-transform-set-tran]esp encryption-algorithm aes-cbc-128[MSR_1-ipsec-transform-set-tran]esp authentication-algorithm sha1
3创建IKE keychain[MSR_1]ike keychain test[MSR_1-ike-keychain-test]pre-shared-key address 200.1.1.2 255.255.255.0 key simple 123456
4创建IKE提议[MSR_1]ike proposal 100[MSR_1-ike-proposal-100]encryption-algorithm 3des-cbc[MSR_1-ike-proposal-100]authentication-method pre-share[MSR_1-ike-proposal-100]authentication-algorithm md5[MSR_1-ike-proposal-100]dh group1
5创建IKE profile[MSR_1]ike profile profile1[MSR_1-ike-profile-profile1]keychain test[MSR_1-ike-profile-profile1]local-identity address 100.1.1.1[MSR_1-ike-profile-profile1]match remote identity address 200.1.1.2 255.255.255.0[MSR_1-ike-profile-profile1]pr免费云主机域名oposal 1006创建一条IKE协商方式的IPsec安全策略[MSR_1]ipsec policy test 10 isakmp[MSR_1-ipsec-policy-isakmp-test-10]remote-address 200.1.1.2[MSR_1-ipsec-policy-isakmp-test-10]security acl 3000[MSR_1-ipsec-policy-isakmp-test-10]transform-set tran[MSR_1-ipsec-policy-isakmp-test-10]ike-profile profile17接口应用:[MSR_1]int g0/0[MSR_1-GigabitEthernet0/0]ipsec apply policy test另端设备镜像配置即可。三:抓包:esp数据包:
这篇“怎么为git设置网络代理”文章的知识点大部分人都不太理解,所以小编给大家总结了以下内容,内容详细,步骤清晰,具有一定的借鉴价值,希望大家阅读完这篇文章能有所收获,下面我们一起来看看免费云主机域名这篇“怎么为git设置网络代理”文章吧。设置http、htt…
免责声明:本站发布的图片视频文字,以转载和分享为主,文章观点不代表本站立场,本站不承担相关法律责任;如果涉及侵权请联系邮箱:360163164@qq.com举报,并提供相关证据,经查实将立刻删除涉嫌侵权内容。