ISAKMP方式(IKEv1 野蛮模式 + 预共享密钥,由IKE自动协商IPsec SA)
参考:https://support.huawei.com/enterprise/zh/doc/EDOC0000707956/9da2d1d9

拓扑

eNSP模拟器—IPsec配置实验2_第1张图片

两台PC

eNSP模拟器—IPsec配置实验2_第2张图片

RouterA


[V200R003C00]
#
# RouterA: one end of the site-to-site IPsec tunnel (public side 1.1.1.1, LAN 10.1.1.0/24).
 sysname RouterA
#
# NOTE(review): the SNMP agent is enabled, but no version, community/user or ACL
# is visible in this listing -- confirm it is restricted, or disable it outside the lab.
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
# NOTE(review): "minus 08:00:00" places local time behind UTC, while China Standard
# Time is UTC+8. Skewed clocks make IKE/IPsec log correlation harder -- confirm "add" was meant.
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
# Local IKE identity (name type). RouterB refers to it with "remote-name huawei1".
 ike local-name huawei1
#
 set cpu-usage threshold 80 restore 75
#
# Interesting-traffic selector: only 10.1.1.0/24 -> 10.1.2.0/24 is protected by IPsec.
# RouterB carries the mirrored rule; the two ACLs must stay mirror images of each other.
acl number 3101  
 rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255 
#
# Phase-2 (IPsec) proposal: ESP with SHA2-256 integrity and AES-128 encryption.
# Transform and encapsulation mode are not set here, so platform defaults apply.
ipsec proposal tran1
 esp authentication-algorithm sha2-256 
 esp encryption-algorithm aes-128
#
# Phase-1 (IKE) proposal: AES-CBC-128 and DH group 14.
# NOTE(review): no authentication-algorithm is set, so the release default is used --
# verify that default is not MD5/SHA-1 and pin a SHA-2 hash explicitly.
ike proposal 1
 encryption-algorithm aes-cbc-128
 dh group14
#
# IKE peer definition: IKEv1 ("v1"), aggressive mode, pre-shared key, name-type IDs.
# SECURITY: IKEv1 aggressive mode with a PSK sends identities unprotected and exposes
#   PSK-derived authentication data to anyone who can observe or start the exchange,
#   so a guessable key can be attacked offline. "huawei" is trivially guessable.
# SECURITY: "simple" stores the key in plaintext in the configuration; anyone who can
#   read the config or a backup of it obtains the tunnel secret.
# For anything beyond a lab: prefer IKEv2 (or main mode / certificate authentication),
#   use a long random PSK, and store it with "cipher" instead of "simple".
ike peer spub v1
 exchange-mode aggressive
 pre-shared-key simple huawei
 ike-proposal 1
 local-id-type name
 remote-name huawei2
 local-address 1.1.1.1
 remote-address 2.1.1.1
#
# IPsec policy negotiated through IKE ("isakmp"): ties together the ACL, the IKE peer
# and the IPsec proposal. It is applied to GigabitEthernet0/0/0 further down.
# NOTE(review): no PFS setting is visible, so phase-2 keys presumably derive from the
# phase-1 keying material -- consider enabling PFS.
ipsec policy map1 10 isakmp
 security acl 3101
 ike-peer spub
 proposal tran1
#
# AAA section: default schemes/domains plus one local account, "admin", for HTTP (web) management.
# NOTE(review): the same password ciphertext appears in RouterB's configuration on this
# page, which suggests a stock/default credential -- change it on any reachable device.
# NOTE(review): service-type http grants web management; confirm the web UI is not
# exposed on the public-facing interface.
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
# Ethernet0/0/0 - 0/0/7 carry no configuration in this lab.
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
# Public-facing interface: the tunnel's local endpoint (1.1.1.1), with IPsec policy map1 applied.
# NOTE(review): 1.1.1.0/24 and 2.1.1.0/24 are real, publicly routable ranges; documentation
# ranges (RFC 5737) avoid accidental clashes if the lab is ever bridged to a live network.
interface GigabitEthernet0/0/0
 ip address 1.1.1.1 255.255.255.0 
 ipsec policy map1
#
# LAN-side interface: gateway for the protected subnet 10.1.1.0/24.
interface GigabitEthernet0/0/1
 ip address 10.1.1.1 255.255.255.0 
#
interface NULL0
#
# Static routes to the peer's public subnet and to the remote protected subnet,
# both via 1.1.1.2 (the "Internet" router).
ip route-static 2.1.1.0 255.255.255.0 1.1.1.2
ip route-static 10.1.2.0 255.255.255.0 1.1.1.2
#
# NOTE(review): the console uses password authentication, but no password is shown here;
# the VTY lines show no authentication-mode or protocol restriction -- confirm remote
# management access is locked down before reusing this configuration.
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

RouterB


[V200R003C00]
#
# RouterB: the other end of the site-to-site IPsec tunnel (public side 2.1.1.1, LAN 10.1.2.0/24).
 sysname RouterB
#
# NOTE(review): the SNMP agent is enabled with no version, community/user or ACL visible
# here, and the engine ID is identical to RouterA's -- confirm SNMP is restricted or disabled.
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
# NOTE(review): "minus 08:00:00" places local time behind UTC, while China Standard
# Time is UTC+8 -- confirm "add" was meant so log timestamps line up across devices.
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
# Local IKE identity (name type). RouterA refers to it with "remote-name huawei2".
 ike local-name huawei2
#
 set cpu-usage threshold 80 restore 75
#
# Interesting-traffic selector: only 10.1.2.0/24 -> 10.1.1.0/24 is protected by IPsec
# (the mirror image of RouterA's ACL 3101).
acl number 3101  
 rule 5 permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255 
#
# Phase-2 (IPsec) proposal: ESP with SHA2-256 integrity and AES-128 encryption.
# It must match RouterA's proposal for negotiation to succeed.
ipsec proposal tran1
 esp authentication-algorithm sha2-256 
 esp encryption-algorithm aes-128
#
# Phase-1 (IKE) proposal: AES-CBC-128 and DH group 14.
# NOTE(review): the hash algorithm is left at the release default -- verify it and
# pin a SHA-2 hash explicitly on both peers.
ike proposal 1
 encryption-algorithm aes-cbc-128
 dh group14
#
# IKE peer definition: IKEv1 ("v1"), aggressive mode, pre-shared key, name-type IDs.
# SECURITY: aggressive mode with a PSK exposes identities and PSK-derived authentication
#   data before the peer is authenticated, so a weak key such as "huawei" can be
#   guessed offline.
# SECURITY: "simple" keeps the key in plaintext in the configuration and in its backups.
# For anything beyond a lab: prefer IKEv2 (or main mode / certificates), use a long
#   random PSK, and store it with "cipher".
ike peer spua v1
 exchange-mode aggressive
 pre-shared-key simple huawei
 ike-proposal 1
 local-id-type name
 remote-name huawei1
 local-address 2.1.1.1
 remote-address 1.1.1.1
#
# IPsec policy negotiated through IKE ("isakmp"): ties together the ACL, the IKE peer
# and the IPsec proposal. It is applied to GigabitEthernet0/0/0 further down.
# The policy name (use1) differs from RouterA's (map1), so names are evidently local only.
# NOTE(review): no PFS setting is visible -- consider enabling it on both peers.
ipsec policy use1 10 isakmp
 security acl 3101
 ike-peer spua
 proposal tran1
#
# AAA section: default schemes/domains plus one local account, "admin", for HTTP (web) management.
# NOTE(review): the password ciphertext is identical to the one in RouterA's configuration
# on this page, which suggests a stock/default credential -- change it per device.
# NOTE(review): confirm the web management service is not reachable from the public side.
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
# Ethernet0/0/0 - 0/0/7 carry no configuration in this lab.
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
# Public-facing interface: the tunnel's local endpoint (2.1.1.1), with IPsec policy use1 applied.
interface GigabitEthernet0/0/0
 ip address 2.1.1.1 255.255.255.0 
 ipsec policy use1
#
# LAN-side interface: gateway for the protected subnet 10.1.2.0/24.
interface GigabitEthernet0/0/1
 ip address 10.1.2.1 255.255.255.0 
#
interface NULL0
#
# Static routes to the peer's public subnet and to the remote protected subnet,
# both via 2.1.1.2 (the "Internet" router).
ip route-static 1.1.1.0 255.255.255.0 2.1.1.2
ip route-static 10.1.1.0 255.255.255.0 2.1.1.2
#
# NOTE(review): the console uses password authentication, but no password is shown here;
# the VTY lines show no authentication-mode or protocol restriction -- confirm remote
# management access is locked down before reusing this configuration.
user-interface con 0
 authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

Internet

#
# Transit router standing in for the public network between RouterA and RouterB.
sysname Internet
#
# Link towards RouterB (2.1.1.1).
interface  GigabitEthernet  0/0/1
 ip address  2.1.1.2 255.255.255.0
#
# Link towards RouterA (1.1.1.1).
interface  GigabitEthernet  0/0/0
 ip address  1.1.1.2 255.255.255.0
#
# NOTE(review): these routes make the private subnets reachable across the "Internet"
# router itself. ESP-encapsulated packets only need the outer addresses 1.1.1.1/2.1.1.1,
# so with these routes present a successful PC-to-PC ping does not by itself prove the
# tunnel is in use -- check "display ike sa" / "display ipsec sa" on RouterA and RouterB.
ip route-static 10.1.2.0 255.255.255.0 2.1.1.1
ip route-static 10.1.1.0 255.255.255.0 1.1.1.1
#
return