H3C MSR20系列路由器IPSEC VPN设置方法
[ruby]
version 5.20, Release 2207P02, Basic
#
sysname testvpn
#
ike local-name testvpn
ike sa keepalive-timer timeout 28800
#
domain default enable system
#
telnet server enable
#
dar p2p signature-file cfa0:/p2p_default.mtd
#
port-security enable
#
acl number 3001 name nat
rule 0 deny ip source 192.168.2.0 0.0.0.255 destination 192.168.0.0 0.0.0.255 (对端VPN设置 两个IP地址段对调)
rule 20 permit ip source 192.168.2.94 0 允许内网nat 的地址(可上网的ip)
rule 30 permit ip source 192.168.2.80 0
acl number 3026
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.0 0.0.0.255 定义VPN隧道数据流向(对端VPN设置 两个IP地址段对调)
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
ike peer testvpn 设置IKE 对等体
exchange-mode aggressive 野蛮模式
pre-shared-key cipher nWUE29323vCRHSJ19231231hkSNpRHtg== 共享密钥
id-type name ID类型为名称
remote-name testpeer 远程IKE名称
remote-address 202.106.0.20 (因本端ADSL接入动态IP地址,对端指定本段IKE名称即可不用指定远程IP地址)
local-name testvpn 本地IKE名称
nat traversal nat穿越
#
ipsec proposal testvpn
#
ipsec policy testvpn 10 isakmp
security acl 3026 匹配的ACL
pfs dh-group1
ike-peer testvpn IKE对等体名称
proposal testvpn IPSEC 安全提议名称
#
user-group system
group-attribute allow-guest
#
local-user admin
password cipher .]@QWEUSEWEW=B,53Q123=^Q`M12DAAF4<1!!
authorization-attribute level 3
service-type telnet
service-type web
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
#
interface Dialer1 设置 PPPOE拨号接口
nat outbound 3001
link-protocol ppp
ppp pap local-user 9009239392939 password cipher )^6G123G6S032316;R3Q=^Q`MAF4<1!!
mtu 1450
ip address ppp-negotiate
tcp mss 1024
dialer user admin
dialer-group 1
dialer bundle 1
ipsec policy testvpn
#
interface Ethernet0/0
port link-mode route
description inside
ip address 192.168.2.1 255.255.255.0
#
interface Ethernet0/1
port link-mode route
description outside
pppoe-client dial-bundle-number 1
tcp mss 1024
ip address dhcp-alloc
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 Dialer1
#
ssh server enable
#
load xml-configuration
#
user-interface con 0
user-interface tty 13
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
- 上一篇:斐讯路由器的管理与认证
- 下一篇:TP-link路由器的无线网组建技巧