网络防御(7)
课堂实验
R1
[Huawei] int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 100.1.12.2 24
protocolAug 1 2023 10:24:09-08:00 Huawei gOlIFNET/4/LINK STATE(1)[4]:The1ineIp on the interface GigabitEthernet0/0/0 has entered the Up state.
[Huawei-GigabitEthernet0/0/0]a[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/]ip add 100.1.13.2 24
Aug l 2023 10:24:51-08:00 Huawei OlIENET/4/LINK STATE(1)[5]:The line protocolIP on the interface GigabitEthernet0/0/1 has entered the Up state
[Huawei-GigabitEthernet0/0/1]
R2
[Huawei] int g0/0/0
[Huawei-GigabitEthernet0/0/0] ip add 192.168.1.1 24
1 2023 10:18:43-08:00 Huawei OlIFNET/4/LINK STATE(1)[0]:The line protocolAugIP on the interface GigabitEthernet0/0/0 has entered the Up state.
[Huawei-GigabitEthernet0/0/0]q
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 100.1.12.1 24
Aug1 2023 10:19:14-08:00 Huawei OlIFNET/4/INK STATE(1)[l:The line protocolIP on the interface GigabitEthernet0/0/1 has entered the Up state.
[Huawei-GigabitEthernet0/0/1]q
[Huawei]ip route-static 0.0.0.0 0 100.1.12.2
选参数
第一阶段
[Huawei]ike proposal 1
[Huawei-ike-proposal-1]encryption-algorithm ae
[Huawei-ike-proposal-1]encryption-algorithm aes-cbc-128
[Huawei-ike-proposal-1]authentication-algorithm sha1
[Huawei-ike-proposal-l]dh group2
[Huawei-ike-proposal-1]authentication-method pre-share
[Huawei-ike-proposal-1]sa duration
[Huawei]ike peer jjj
IKE peer is new, please indicate the mode to finish creatin(Error: This
[Huawei]ike peer jjj vl
[Huawei-ike-peer-jjj]pre-shared-key cipher keyl23
[Huawei-ike-peer-jjj]exchange-mode main
[Huawei-ike-peer-jjj]pee
[Huawei-ike-peer-jjj]rem
[Huawei-ike-peer-jjj]remote-address 100.1.13.1
[Huawei-ike-peer-jjj]ik
[Huawei-ike-peer-jjj]ike-proposal 1
第二阶段
[Huawei]ipsec profile
[Huawei-ipsec-proposal-jjj]encapsulation-mode tunnel
[Huawei-ipsec-proposal-jjj]esp encryption-algorithm aes-128
[Huawei-ipsec-proposal-jjj]esp authentication-algorithm shal
[Huawei]acl 3000
[Huawei-acl-adv-3000]rule permit ip source 192.168.1.0 0.0.0.255 destination 192.168.2.0 0.0.0.255
[Huawei-acl-adv-3000]
[Huawei]ipsec policy jjj 1 isakmp
[Huawei-ipsec-policy-isakmp-jjj-1]proposal jjj
[Huawei-ipsec-policy-isakmp-jjj-1]ike-peer jjj
[Huawei-ipsec-policy-isakmp-jjj-1]security acl 3000
[Huawei-ipsec-policy-isakmp-jjj-1]pfs dh-group2
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ipsec policy jjj
R3
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 192.168.2.1 24
Aug 1 2023 10:20:24-08:00 Huawei OlIFNET/4/LINK STATE(1)[0]:The line protocol
Ip on the interface GigabitEthernet0/0/1 has entered the Up state.
[Huawei-GigabitEthernet0/0/1]q
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 100.1.13.1 24
Aug 1 2023 10:20:45-08:00 Huawei gOlIFNET/4/LINK STATE(1)[1:The line protocol
IP on the interface GigabitEthernet0/0/0 has entered the Up state.
[Huawei-GigabitEthernet0/0/0]q
[Huawei]ip ro
[Huawei]ip route-
[Huawei]ip route-static 0.0.0.0 0 100.1.13.2
第一阶段
[Huawei]ike proposal 1
[Huawei-ike-proposal-1]authentication-algorithm shal
[Huawei-ike-proposal-1]authentication-method pre-share
[Huawei-ike-proposal-1]encryption-algorithm aes-cbc-128
[Huawei-ike-proposal-1]dh group2
[Huawei-ike-proposal-1]q
[Huawei]ike peer jjj v1
[Huawei-ike-peer-jjj]pre-shared-key cipher key123
[Huawei-ike-peer-jjj]re-authentication
[Huawei-ike-peer-jjj]remote-address 100.1.12.1
[Huawei-ike-peer-jjj]ike-proposal 1
第二阶段
[Huawei-ike-proposal-1]authentication-algorithm shal
[Huawei-ike-proposal-1]authentication-method pre-share
[Huawei-ike-proposal-1]encryption-algorithm aes-cbc-128
[Huawei-ike-proposal-1]dh group2
[Huawei-ike-proposal-1]q
[Huawei]ike peer jjj v1
[Huawei-ike-peer-jjj]pre-shared-key cipher key123
[Huawei-ike-peer-jjj]remote-address 100.1.12.1
[Huawei-ike-peer-jjj]ike-proposal 1
[Huawei-ike-peer-jjj]q
[Huawei]ipsec proposal jjj
[Huawei-ipsec-proposal-jjj]encapsulation-mode tunnel
[Huawei-ipsec-proposal-jjj]esp authentication-algorithm shal
[Huawei-ipsec-proposal-jjj]esp encryption-algorithm aes-128
[Huawei-ipsec-proposal-jjj]q
[Huawei]acl 3000
[Huawei-acl-adv-3000]pr
[Huawei-acl-adv-3000]rule permit ip source 192.168 .2.0 0.0.0.255 destination192.
168.1.0 0.0.0.255
[Huawei-acl-adv-3000]q
[Huawei]ipsec policy jjj 1 isakmp
[Huawei-ipsec-policy-isakmp-jjj-1]proposal jjj
[Huawei-ipsec-policy-isakmp-jjj-1]ike-peer jjj
[Huawei-ipsec-policy-isakmp-jjj-1]security acl 3000
[Huawei-ipsec-policy-isakmp-jjj-1]pfs dh-group2
[Huawei-ipsec-policy-isakmp-jjj-1]q
[Huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ipsec policy jjj
PC1:
PC2
测试:
