
H3C IPsec: Aggressive Mode

2023-06-04 13:26 Author: 青松一路似相逢

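【Topology】

IPsec planning diagram

【Requirements】FW3 (branch) establishes an IPsec tunnel with FW4 (headquarters 1) through a NAT device; FW3 (branch) establishes an IPsec tunnel with FW8 (headquarters 2) through a NAT device.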


----------------------------------------------------Branch configuration-----------------------------------------------

【FW1】

interface GigabitEthernet1/0/5
 ip address 1.1.1.2 255.255.255.0
 nat outbound 2000
#
interface GigabitEthernet1/0/10
 ip address 10.0.12.1 255.255.255.0
#
security-zone name Trust
 import interface GigabitEthernet1/0/10
#
security-zone name Untrust
 import interface GigabitEthernet1/0/5
#
 ip route-static 0.0.0.0 0 1.1.1.1
 ip route-static 192.168.10.0 24 10.0.12.2
#
acl basic 2000
 rule 5 permit source 10.0.12.0 0.0.0.255
#
nat policy
 rule name 5
  action easy-ip
#
security-policy ip
 rule 0 name test-any
  action pass
#

【FW3】

interface GigabitEthernet1/0/5
 ip address 10.0.12.2 255.255.255.0
 ipsec apply policy zb1policy
or
 ipsec apply policy zb2policy
#
interface GigabitEthernet1/0/10
 ip address 192.168.10.1 255.255.255.0
#
security-zone name Trust
 import interface GigabitEthernet1/0/10
#
security-zone name Untrust
 import interface GigabitEthernet1/0/5
#
 ip route-static 0.0.0.0 0 10.0.12.1
#
acl advanced 3000
 rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
 rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
#
ipsec transform-set 5
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha256
#
ipsec transform-set 10
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha256
#
ipsec policy zb1policy 5 isakmp
 transform-set 10
 security acl 3000
 remote-address 2.2.2.2
 ike-profile 10
#
ipsec policy zb2policy 5 isakmp
 transform-set 5
 security acl 3000
 remote-address 3.3.3.2
 ike-profile 5
#
ike profile 5
 keychain 5
 exchange-mode aggressive
 local-identity user-fqdn fb
 match remote identity address 3.3.3.2 255.255.255.255
 proposal 5
#
ike profile 10
 keychain 10
 exchange-mode aggressive
 local-identity user-fqdn fb
 match remote identity address 2.2.2.2 255.255.255.255
 proposal 10
#
ike proposal 5
 encryption-algorithm 3des-cbc
 dh group14
 authentication-algorithm sha256
#
ike proposal 10
 encryption-algorithm 3des-cbc
 dh group14
 authentication-algorithm sha256
#
ike keychain 5
 pre-shared-key address 3.3.3.2 255.255.255.255 key cipher $c$3$JpP3sPfDJjtOON3t7atiLT19pTaZc0X3QQ==
#
ike keychain 10
 pre-shared-key address 2.2.2.2 255.255.255.255 key cipher $c$3$RFQqv8wL0FmwZW5CEL9snwo6MJaFq5gDBg==
#
security-policy ip
 rule 0 name test-any
  action pass
#


----------------------------------------------------Headquarters 1 configuration-----------------------------------------------

【FW2】

interface GigabitEthernet1/0/5
 ip address 2.2.2.2 255.255.255.0
 nat outbound 2000
 nat server protocol udp global 2.2.2.2 500 inside 172.0.12.2 500 rule ServerRule_2
 nat server protocol udp global 2.2.2.2 4500 inside 172.0.12.2 4500 rule ServerRule_3
 nat server protocol 50 global 2.2.2.2 inside 172.0.12.2 rule ServerRule_1
#
interface GigabitEthernet1/0/10
 ip address 172.0.12.1 255.255.255.0
#
security-zone name Trust
 import interface GigabitEthernet1/0/10
#
security-zone name Untrust
 import interface GigabitEthernet1/0/5
#
 ip route-static 0.0.0.0 0 2.2.2.1
 ip route-static 192.168.20.0 24 172.0.12.2
#
acl basic 2000
 rule 5 permit source 172.0.12.0 0.0.0.255
#
security-policy ip
 rule 0 name test-any
  action pass
#


【FW4】

interface GigabitEthernet1/0/5
 port link-mode route
 combo enable copper
 ip address 172.0.12.2 255.255.255.0
 ipsec apply policy fbpolicy1
#
interface GigabitEthernet1/0/10
 port link-mode route
 combo enable copper
 ip address 192.168.20.1 255.255.255.0
#
security-zone name Trust
 import interface GigabitEthernet1/0/10
#
security-zone name Untrust
 import interface GigabitEthernet1/0/5
#
 ip route-static 0.0.0.0 0 172.0.12.1
#
acl advanced 3000
 rule 5 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
#
ipsec transform-set 10
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha256
#
ipsec policy-template fbpolicy 5
 transform-set 10
 security acl 3000
 ike-profile 10
#
ipsec policy fbpolicy1 5 isakmp template fbpolicy
#
ike profile 10
 keychain 10
 exchange-mode aggressive
 match remote identity user-fqdn fb
 proposal 10
#
ike proposal 10
 encryption-algorithm 3des-cbc
 dh group14
 authentication-algorithm sha256
#
ike keychain 10
 pre-shared-key hostname fb key cipher $c$3$jy74ZpWrbna/X8mV5+JgWknoKqSrnftSxQ==
#
security-policy ip
 rule 0 name test-any
  action pass
#


----------------------------------------------------Headquarters 2 configuration-----------------------------------------------

【FW8】

interface GigabitEthernet1/0/5
 ip address 3.3.3.2 255.255.255.0
 ipsec apply policy fbpolicy1
#
interface GigabitEthernet1/0/10
 ip address 192.168.30.1 255.255.255.0
#
security-zone name Trust
 import interface GigabitEthernet1/0/10
#
security-zone name Untrust
 import interface GigabitEthernet1/0/5
#
 ip route-static 0.0.0.0 0 3.3.3.1
#
acl advanced 3000
 rule 5 permit ip source 192.168.30.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
#
ipsec transform-set 5
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha256
#
ipsec policy-template fbpolicy 5
 transform-set 5
 security acl 3000
 ike-profile 5
#
ipsec policy fbpolicy1 5 isakmp template fbpolicy
#
ike profile 5
 keychain 5
 exchange-mode aggressive
 match remote identity user-fqdn fb
 proposal 5
#
ike proposal 5
 encryption-algorithm 3des-cbc
 dh group14
 authentication-algorithm sha256
#
ike keychain 5
 pre-shared-key hostname fb key cipher $c$3$teL4sOn7Lb5MHZaqJMQK0gNmybAgBbdc2Q==
#
security-policy ip
 rule 0 name test-any
  action pass
#


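【Verification】

Branch to headquarters 1

The branch egress interface applies the IPsec policy for headquarters 1.
Private-network traffic passes between the two sites.


Branch to headquarters 2

The branch egress interface applies the IPsec policy for headquarters 2.
Private-network traffic passes between the two sites.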
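
A peer-consistency check for the configuration above, as an added example that is not part of the original post: it compares the settings on which the branch (FW3) and a headquarters firewall (FW4) have to agree before the tunnel negotiates, namely the transform-set, the IKE proposal, the exchange mode, the FQDN identity and the mirrored ACL. The function names and the trimmed config excerpts are constructed for illustration; the key material is left out.

```python
import re
# Constructed excerpts of this page's FW3 and FW4 settings (keychains omitted).
SHARED = """ipsec transform-set 10
 esp encryption-algorithm 3des-cbc
 esp authentication-algorithm sha256
ike proposal 10
 encryption-algorithm 3des-cbc
 dh group14
 authentication-algorithm sha256
"""  # these two sections are identical on FW3 and FW4
FW3 = SHARED + """acl advanced 3000
 rule 5 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
 rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.30.0 0.0.0.255
ike profile 10
 exchange-mode aggressive
 local-identity user-fqdn fb
"""
FW4 = SHARED + """acl advanced 3000
 rule 5 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
ike profile 10
 exchange-mode aggressive
 match remote identity user-fqdn fb
"""

def parse(cfg):  # map each top-level line to the indented lines beneath it
    sections, cur = {}, []
    for line in cfg.splitlines():
        if line.startswith(" "):
            cur.append(line.strip())
        elif line.strip() not in ("", "#"):
            cur = sections.setdefault(line.strip(), [])
    return sections

def flows(lines):  # (source, destination) pairs of the ACL rules in `lines`
    return set(re.findall(r"source (\S+ \S+) destination (\S+ \S+)", "\n".join(lines)))

def mismatches(branch, hq, n, acl="acl advanced 3000"):
    b, h = parse(branch), parse(hq)
    bad = [s for s in (f"ipsec transform-set {n}", f"ike proposal {n}")
           if not b.get(s) or sorted(b[s]) != sorted(h.get(s, []))]
    def pick(sec, key):  # values of the profile lines that start with `key`
        return [l[len(key):] for l in sec.get(f"ike profile {n}", []) if l.startswith(key)]
    if pick(b, "exchange-mode ") != pick(h, "exchange-mode "):
        bad.append("exchange-mode")
    if pick(b, "local-identity ") != pick(h, "match remote identity "):
        bad.append("identity")
    mirrored = {(d, s) for s, d in flows(h.get(acl, []))}  # HQ rules seen from the branch
    if not mirrored or not mirrored <= flows(b.get(acl, [])):
        bad.append("acl mirror")
    return bad  # names of the settings on which the two peers disagree
```

`mismatches(FW3, FW4, 10)` returns an empty list for the settings as posted; the same call with `5` in place of `10` covers the FW3/FW8 pair once those sections are pasted in.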

