2023年7月4日发(作者：)

H3CIPsec+IKE野蛮模式置实例-副本

野蛮模式方法配置拓扑图

站点A

RA S0/0 10.1.12.1/24 E0/0 192.168.1.1/24

站点B

RB S0/0 PPP动态协商 E0/0 192.168.2.1/24

Route A配置

acl number 3001

rule permit ip source 192.168.1.0 0.0.0.255

192.168.2.0 0.0.0.255

rule deny ip source any destination any

ip route-static 0.0.0.0 0.0.0.0 s0/0

ike local-name routea

ike peer routeb

exchange-mode aggressive

pre-share-key abcdefg

id-type name

remote-name routb

ipsec proposal ROUTE

encapslation-mode tunnel

transform esp

esp encryption-algorithm des

esp authentication-algorithm sha1

quit

destination ipsec policy map1 10 isakmp

proposal ROUTE

ike-peer routeb

security acl 3001

quit

int s0/0

ip address 10.1.12.1 255.255.255.0

ipsec policy map1

int e0/0

ip address 192.168.1.1 255.255.255.0

Route b配置

acl number 3001

rule permit ip source 192.168.2.0 0.0.0.255

192.168.1.0 0.0.0.255

rule deny ip source any destination any

ip route-static 0.0.0.0 0.0.0.0 s0/0

ike local-name routeb

ike peer routeb

exchange-mode aggressive

pre-share-key abcdefg

id-type name

remote-name routa

ipsec proposal ROUTE

destination encapslation-mode tunnel

transform esp

esp encryption-algorithm des

esp authentication-algorithm sha1

quit

ipsec policy map1 10 isakmp

proposal ROUTE

ike-peer routeb

security acl 3001

quit

int s0/0

link-protocol ppp

ip address ppp-negotiate

ipsec policy map1

int e0/0

ip address 192.168.2.1 255.255.255.0