{"id":249,"date":"2024-09-24T17:24:16","date_gmt":"2024-09-24T09:24:16","guid":{"rendered":"http:\/\/192.168.5.24\/?p=249"},"modified":"2025-04-07T11:54:53","modified_gmt":"2025-04-07T03:54:53","slug":"ipsecvpn","status":"publish","type":"post","link":"https:\/\/bigvip.dpdns.org\/?p=249","title":{"rendered":"IPsecVPN\u7684\u914d\u7f6e"},"content":{"rendered":"\n<p>\u73af\u5883\u8bf4\u660e\uff1a<\/p>\n\n\n\n<p>\u4e09\u53f0\u8def\u7531\u5668\u94fe\u63a5\u5982\u4e0b\u56fe\uff0cR3\u4e0a\u53ea\u914d\u7f6eIP\u4e0d\u914d\u7f6e\u8def\u7531\u4fe1\u606f\uff0cR1\u3001R2\u914d\u7f6e\u9ed8\u8ba4\u8def\u7531\u6307\u5411R3\uff0c\u8981\u6c421\u3001\u5728R1\u3001R2\u4e0a\u914d\u7f6eIPsecVPN\u5b9e\u73b0PC1\u4e0ePC2\u80fd\u4e92\u901a\u30022\u3001\u5b9e\u73b0\u5206\u516c\u53f8\u3001\u603b\u516c\u53f8\u80fd\u901a\u8fc7NAT\u8bbf\u95eeInternet\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"597\" src=\"http:\/\/192.168.5.24\/wp-content\/uploads\/2024\/09\/1111.jpg\" alt=\"\" class=\"wp-image-259\" srcset=\"https:\/\/bigvip.dpdns.org\/wp-content\/uploads\/2024\/09\/1111.jpg 1024w, https:\/\/bigvip.dpdns.org\/wp-content\/uploads\/2024\/09\/1111-300x175.jpg 300w, https:\/\/bigvip.dpdns.org\/wp-content\/uploads\/2024\/09\/1111-768x448.jpg 768w, https:\/\/bigvip.dpdns.org\/wp-content\/uploads\/2024\/09\/1111-816x476.jpg 816w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>\u8def\u7531\u5668R1 \u7684\u914d\u7f6e\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;R1&gt;dis current-configuration \n&#91;V200R003C00]\n#\n sysname R1\n#\n snmp-agent local-engineid 800007DB03000000000000\n snmp-agent \n#\n clock timezone China-Standard-Time minus 08:00:00\n#\nportal local-server load flash:\/portalpage.zip\n#\n drop illegal-mac alarm\n#\n wlan ac-global carrier id other ac id 0\n#\n set cpu-usage threshold 80 restore 75\n#\nacl number 3000  \n rule 5 permit ip source 10.1.1.2 0 
destination 10.1.2.2 0 \nacl number 3003  \n rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 100.100.100.100 0 \n#\nipsec proposal ipsecp\n transform ah-esp\n ah authentication-algorithm sha1\n esp authentication-algorithm sha1\n esp encryption-algorithm 3des\n#\nike proposal 1\n encryption-algorithm 3des-cbc\n#\nike peer T22 v2\n pre-shared-key cipher %$%${\"@cGFyLlVmL@4G,4=J.,.2n%$%$\n ike-proposal 1\n remote-address 202.138.164.2\n#\nipsec policy ipsecp 1 isakmp\n security acl 3000\n ike-peer T22\n proposal ipsecp\n#\naaa \n authentication-scheme default\n authorization-scheme default\n accounting-scheme default\n domain default \n domain default_admin \n local-user admin password cipher %$%$K8m.Nt84DZ}e#&lt;0`8bmE3Uw}%$%$\n local-user admin service-type http\n#\nfirewall zone Local\n priority 15\n#\ninterface GigabitEthernet0\/0\/0\n ip address 10.1.1.1 255.255.255.0 \n#\ninterface GigabitEthernet0\/0\/1\n ip address 202.138.163.1 255.255.255.0 \n ipsec policy ipsecp\n nat outbound 3003\n#\ninterface GigabitEthernet0\/0\/2\n#\ninterface NULL0\n#\nip route-static 0.0.0.0 0.0.0.0 202.138.163.2\n#\nuser-interface con 0\n authentication-mode password\nuser-interface vty 0 4\nuser-interface vty 16 20\n#\nwlan ac\n#\nreturn\n&lt;R1&gt; <\/code><\/pre>\n\n\n\n<p>\u8def\u7531\u5668R2\u7684\u914d\u7f6e\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;R2&gt;dis current-configuration \n&#91;V200R003C00]\n#\n sysname R2\n#\n snmp-agent local-engineid 800007DB03000000000000\n snmp-agent \n#\n clock timezone China-Standard-Time minus 08:00:00\n#\nportal local-server load flash:\/portalpage.zip\n#\n drop illegal-mac alarm\n#\n wlan ac-global carrier id other ac id 0\n#\n set cpu-usage threshold 80 restore 75\n#\nacl number 3002  \n rule 5 permit ip source 10.1.2.2 0 destination 10.1.1.2 0 \nacl number 3003  \n rule 5 permit ip source 10.1.2.0 0.0.0.255 destination 100.100.100.100 0 \n#\nipsec proposal ipsecp2\n transform ah-esp\n ah 
authentication-algorithm sha1\n esp authentication-algorithm sha1\n esp encryption-algorithm 3des\n#\nike proposal 2\n encryption-algorithm 3des-cbc\n#\nike peer T21 v2\n pre-shared-key cipher %$%${\"@cGFyLlVmL@4G,4=J.,.2n%$%$\n ike-proposal 2\n remote-address 202.138.163.1\n#\nipsec policy ipsecp2 2 isakmp\n security acl 3002\n ike-peer T21\n proposal ipsecp2\n#\naaa \n authentication-scheme default\n authorization-scheme default\n accounting-scheme default\n domain default \n domain default_admin \n local-user admin password cipher %$%$K8m.Nt84DZ}e#&lt;0`8bmE3Uw}%$%$\n local-user admin service-type http\n#\nfirewall zone Local\n priority 15\n#\ninterface GigabitEthernet0\/0\/0\n ip address 10.1.2.1 255.255.255.0 \n#\ninterface GigabitEthernet0\/0\/1\n ip address 202.138.164.2 255.255.255.0 \n ipsec policy ipsecp2\n nat outbound 3003\n#\ninterface GigabitEthernet0\/0\/2\n#\ninterface NULL0\n#\nip route-static 0.0.0.0 0.0.0.0 202.138.164.1\n#\nuser-interface con 0\n authentication-mode password\nuser-interface vty 0 4\nuser-interface vty 16 20\n#\nwlan ac\n#\nreturn<\/code><\/pre>\n\n\n\n<p>\u8def\u7531\u5668R3 \u7684\u914d\u7f6e\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;R3&gt;dis cur\n&#91;V200R003C00]\n#\n sysname R3\n#\n snmp-agent local-engineid 800007DB03000000000000\n snmp-agent \n#\n clock timezone China-Standard-Time minus 08:00:00\n#\nportal local-server load flash:\/portalpage.zip\n#\n drop illegal-mac alarm\n#\n wlan ac-global carrier id other ac id 0\n#\n set cpu-usage threshold 80 restore 75\n#\naaa \n authentication-scheme default\n authorization-scheme default\n accounting-scheme default\n domain default \n domain default_admin \n local-user admin password cipher %$%$K8m.Nt84DZ}e#&lt;0`8bmE3Uw}%$%$\n local-user admin service-type http\n#\nfirewall zone Local\n priority 15\n#\ninterface GigabitEthernet0\/0\/0\n ip address 202.138.163.2 255.255.255.0 \n#\ninterface GigabitEthernet0\/0\/1\n ip address 202.138.164.1 
255.255.255.0 \n#\ninterface GigabitEthernet0\/0\/2\n#\ninterface NULL0\n#\ninterface LoopBack0\n ip address 100.100.100.100 255.255.255.0 \n#\nuser-interface con 0\n authentication-mode password\nuser-interface vty 0 4\nuser-interface vty 16 20\n#\nwlan ac\n#\nreturn<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"783\" height=\"537\" src=\"http:\/\/192.168.5.24\/wp-content\/uploads\/2024\/09\/image-1.png\" alt=\"\" class=\"wp-image-252\" style=\"width:616px;height:auto\" srcset=\"https:\/\/bigvip.dpdns.org\/wp-content\/uploads\/2024\/09\/image-1.png 783w, https:\/\/bigvip.dpdns.org\/wp-content\/uploads\/2024\/09\/image-1-300x206.png 300w, https:\/\/bigvip.dpdns.org\/wp-content\/uploads\/2024\/09\/image-1-768x527.png 768w\" sizes=\"auto, (max-width: 783px) 100vw, 783px\" \/><\/figure>\n\n\n\n<p>\u8def\u7531\u5668R3\u4e0a\u6293\u5305\u60c5\u51b5\u5982\u4e0b\u56fe\uff0c\u53ef\u4ee5\u770b\u5230\u6570\u636e\u5305\u5df2\u7ecf\u88ab\u5c01\u88c5\u6210esp\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"827\" height=\"487\" src=\"http:\/\/192.168.5.24\/wp-content\/uploads\/2024\/09\/image-2.png\" alt=\"\" class=\"wp-image-253\" srcset=\"https:\/\/bigvip.dpdns.org\/wp-content\/uploads\/2024\/09\/image-2.png 827w, https:\/\/bigvip.dpdns.org\/wp-content\/uploads\/2024\/09\/image-2-300x177.png 300w, https:\/\/bigvip.dpdns.org\/wp-content\/uploads\/2024\/09\/image-2-768x452.png 768w, https:\/\/bigvip.dpdns.org\/wp-content\/uploads\/2024\/09\/image-2-816x481.png 816w\" sizes=\"auto, (max-width: 827px) 100vw, 827px\" \/><\/figure>\n\n\n\n<p>\u603b\u7ed3\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u672c\u5b9e\u9a8censp\u6a21\u62df\u5668\u4f7f\u7528\u8def\u7531\u5668\u578b\u53f7AR3260\uff0c\u5176\u4ed6\u578b\u53f7\u53ef\u80fd\u6709\u95ee\u9898\uff0c\u65e0\u6cd5\u5efa\u7acbipsec sa\u3002<\/li>\n\n\n\n<li>\u8def\u7531\u5668R1\u3001R2 
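\u4e4b\u95f4\u7684ike proposal \u53f7\u3001ipsec proposal\u540d\u79f0\u3001ike peer\u540d\u79f0\u90fd\u53ef\u4ee5\u4e0d\u4e00\u6837\uff0c\u53ea\u8981\u5176\u76f8\u5e94\u7684\u52a0\u5bc6\u7b97\u6cd5\u3001\u9a8c\u8bc1\u7b97\u6cd5\u4e00\u81f4\u5373\u53ef\u3002<\/li>\n\n\n\n<li>\u53ef\u4ee5\u4f7f\u7528dis ike sa v2 \u67e5\u770bsa\u7684\u4fe1\u606f\uff0c\u6b63\u5e38\u5e94\u8be5\u51fa\u73b0\u4e24\u4e2a\u9636\u6bb5\u3002<\/li>\n\n\n\n<li>ike peer\u4e24\u7aef\u7684acl\u8303\u56f4\u4e0d\u4e00\u81f4\u4f1a\u51fa\u73b0\u65e0\u6cd5\u5f62\u6210ike sa\u7684\u6545\u969c\u3002<\/li>\n\n\n\n<li>SM3\u6570\u636e\u9a8c\u8bc1\u7b97\u6cd5\u53ef\u80fd\u65e0\u6cd5\u5728ensp\u4e0a\u9762\u4f7f\u7528\u3002<\/li>\n\n\n\n<li>\u672c\u5b9e\u9a8c\u4f7f\u7528\u76843DES\u3001SHA1\u5c5e\u4e8e\u5df2\u8fc7\u65f6\u7684\u5f31\u7b97\u6cd5\uff0c\u751f\u4ea7\u73af\u5883\u5efa\u8bae\u6539\u7528AES\u548cSHA2\u7cfb\u5217\u7b97\u6cd5\u3002<\/li>\n\n\n\n<li>\u914d\u7f6e\u8f93\u51fa\u4e2d\u7684pre-shared-key\u548clocal-user\u5bc6\u6587\u4e5f\u5c5e\u4e8e\u654f\u611f\u4fe1\u606f\uff0c\u5bf9\u5916\u53d1\u5e03\u524d\u5efa\u8bae\u8131\u654f\uff0c\u771f\u5b9e\u8bbe\u5907\u4e0d\u8981\u6cbf\u7528\u8fd9\u4e9b\u5bc6\u94a5\u548c\u53e3\u4ee4\u3002<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u73af\u5883\u8bf4\u660e\uff1a \u4e09\u53f0\u8def\u7531\u5668\u94fe\u63a5\u5982\u4e0b\u56fe\uff0cR3\u4e0a\u53ea\u914d\u7f6eIP\u4e0d\u914d\u7f6e\u8def\u7531\u4fe1\u606f\uff0cR1\u3001R2\u914d\u7f6e\u9ed8\u8ba4\u8def\u7531\u6307\u5411R3\uff0c\u8981\u6c421\u3001\u5728R 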
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"aside","meta":{"footnotes":""},"categories":[28,7],"tags":[49,39],"class_list":["post-249","post","type-post","status-publish","format-aside","hentry","category-vpn","category-7","tag-ipsecvpn","tag-vpn","post_format-post-format-aside"],"_links":{"self":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts\/249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=249"}],"version-history":[{"count":12,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts\/249\/revisions"}],"predecessor-version":[{"id":1034,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=\/wp\/v2\/posts\/249\/revisions\/1034"}],"wp:attachment":[{"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bigvip.dpdns.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}