更新时间:2020-05-06 13:55:57
在网宿云上相关配置以下表为例:
协议 | 配置 | 示例值 |
---|---|---|
IKE | 验证算法 | SHA1 |
IKE | 加密算法 | AES-128 |
IKE | IKE版本 | V1 |
IKE | 完整前向保密 | group5 |
IKE | SA生存时间(秒) | 3600 |
IPSec | 验证算法 | SHA1 |
IPSec | 加密算法 | AES-128 |
IPSec | 封装模式 | Tunnel |
IPSec | 传输协议 | ESP |
IPSec | 完整前向保密 | group5 |
IPSec | SA生存时间(秒) | 28800 |
隧道配置 | 隧道模式 | 主模式(Main) |
隧道配置 | 预共享密钥 | Wangsu@123 |
VPC配置 | 子网网段 | 192.168.1.0/24 |
VPC配置 | 子网网段 | 192.168.2.0/24 |
VPC配置 | 静态公网IP | 120.13.11.44 |
IDC配置 | 子网网段 | 192.168.3.0 |
IDC配置 | 静态公网IP | 120.88.14.15 |
display version
17:20:502017/03/09
Huawei Versatile Security Platform Software
Software Version: USG6600 V100R001C30SPC300(VRP (R) Software, Version 5.30)
acl number 3065 vpn-instance vpn64
rule 1 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 2 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
rule 3 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
rule 4 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
q
ike proposal 64
dh group5
authentication-algorithm sha1
integrity-algorithm aes-128
sa duration 3600
q
ike peer vpnikepeer_64
pre-shared-key ******** (********为您输入的预共享密码)
ike-proposal 64
undo version 2
remote-address vpn-instance vpn64 120.13.11.44
sa binding vpn-instance vpn64
q
ipsec proposal ipsecpro64
encapsulation-mode tunnel
esp authentication-algorithm sha1
q
ipsec policy vpnipsec64 1 isakmp
security acl 3065
pfs dh-group5
ike-peer vpnikepeer_64
proposal ipsecpro64
local-address 120.88.14.15
q
interface GigabitEthernet0/0/2.64
ipsec policy vpnipsec64
q