使用IPSec虚拟隧道接口建立IPSec安全隧道

实验TOP：

 

 

RT1的配置：

==================================

<H3C>sy
[H3C]int g0/1/0
[H3C-GigabitEthernet0/1/0]ip add 192.168.1.2 255.255.255.0
[H3C-GigabitEthernet0/1/0]un shut
[H3C-GigabitEthernet0/1/0]quit
[H3C]int g0/1/1
[H3C-GigabitEthernet0/1/1]ip add 192.168.2.1 255.255.255.0
[H3C-GigabitEthernet0/1/1]un shut
[H3C-GigabitEthernet0/1/1]quit
[H3C]ike local-name rt1
[H3C]ip route-static 0.0.0.0 0.0.0.0 192.168.2.2
[H3C]ike peer peer1
[H3C-ike-peer-peer1]pre-shared-key simple abcde
[H3C-ike-peer-peer1]id-type name
[H3C-ike-peer-peer1]remote-name rt2
[H3C-ike-peer-peer1]quit
[H3C]ipsec proposal kalng
[H3C-ipsec-proposal-kalng]encapsulation-mode tunnel
[H3C-ipsec-proposal-kalng]transform esp
[H3C-ipsec-proposal-kalng]esp encryption-algorithm des
[H3C-ipsec-proposal-kalng]esp authentication-algorithm md5
[H3C-ipsec-proposal-kalng]quit
[H3C]ipsec profile abc                               （安全框架）
[H3C-ipsec-profile-abc]ike-peer peer1
[H3C-ipsec-profile-abc]proposal kalng
[H3C-ipsec-profile-abc]quit
[H3C]int Tunnel 1                                             （虚拟接口）
[H3C-Tunnel1]ip address 172.16.1.1 255.255.255.0
[H3C-Tunnel1]tunnel-protocol ipsec ipv4    
[H3C-Tunnel1]source g0/1/1                     
[H3C-Tunnel1]destination 192.168.3.2
[H3C-Tunnel1]ipsec profile abc
[H3C-ipsec-profile-abc]quit
[H3C]

 

RT2配置：

=====================================================

<H3C>sy
[H3C]int g0/1/0
[H3C-GigabitEthernet0/1/0]ip add 192.168.3.2 255.255.255.0
[H3C-GigabitEthernet0/1/0]un shu
[H3C-GigabitEthernet0/1/0]quit
[H3C]int g0/1/1
[H3C-GigabitEthernet0/1/1]ip add 192.168.4.1 255.255.255.0
[H3C-GigabitEthernet0/1/1]un shu
[H3C-GigabitEthernet0/1/1]quit
[H3C]ike local-name rt2
[H3C]ip route-static 0.0.0.0 0.0.0.0 192.168.3.1
[H3C]ike peer peer2
[H3C-ike-peer-peer2]pre-shared-key simple abcde
[H3C-ike-peer-peer2]id-type name
[H3C-ike-peer-peer2]remote-name rt1
[H3C-ike-peer-peer2]quit
[H3C]ipsec proposal kalng
[H3C-ipsec-proposal-kalng]encapsulation-mode tunnel
[H3C-ipsec-proposal-kalng]transform esp
[H3C-ipsec-proposal-kalng]esp encryption-algorithm des
[H3C-ipsec-proposal-kalng]esp authentication-algorithm md5
[H3C-ipsec-proposal-kalng]quit
[H3C]ipsec profile abc
[H3C-ipsec-profile-abc]ike-peer peer2
[H3C-ipsec-profile-abc]proposal kalng
[H3C-ipsec-profile-abc]quit
[H3C]int Tunnel 1
[H3C-Tunnel1]ip address 172.16.1.2 255.255.255.0
[H3C-Tunnel1]tunnel-protocol ipsec ipv4
[H3C-Tunnel1]source g0/1/0
[H3C-Tunnel1]destination 192.168.2.1
[H3C-Tunnel1]ipsec profile abc
[H3C-ipsec-profile-abc]quit
[H3C]