2022-09-15
IPsec Lab Demonstration (Huawei Router Configuration)
1. IPsec overview
IPsec (Internet Protocol Security) is a set of protocols and services that provide security for IP networks, and it is one of the technologies most commonly used to build a VPN (Virtual Private Network). Because the IP packet format has no built-in security features, IP packets crossing a public network such as the Internet can be forged, intercepted or tampered with. The two communicating parties establish an IPsec tunnel between them, and IP packets are encrypted as they pass through the tunnel, which protects the data while it crosses an untrusted network such as the Internet. IPsec authenticates as well as encrypts: ESP combined with an authentication algorithm, as used in this lab, provides integrity and origin checks in addition to confidentiality.
2. Lab objective
Use IPsec so that the data exchanged between PC1 and PC2 is encrypted while it crosses the ISP network.
3. Lab topology
Topology, as implied by the addressing used in the configuration below:
PC1 (192.168.10.0/24) -- g0/0/0 192.168.10.254 [R1] g0/0/1 100.1.1.1/30 -- 100.1.1.2 g0/0/0 [ISP] g0/0/1 200.1.1.2/30 -- 200.1.1.1 g0/0/1 [R2] g0/0/0 192.168.20.254 -- PC2 (192.168.20.0/24)
The ISP router also has LoopBack0 2.2.2.2/32, which stands in for a host on the Internet.
4. Lab configuration
(1) Configure router R1
[Huawei]sy R1
[R1]un in en
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.10.254 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 100.1.1.1 30
[R1-GigabitEthernet0/0/1]q
[R1]ip route-static 0.0.0.0 0 100.1.1.2
# Add a default static route pointing at the ISP
[R1]acl 2000
[R1-acl-basic-2000]rule 10 permit source 192.168.10.0 0.0.0.255
[R1-acl-basic-2000]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 2000
[R1-GigabitEthernet0/0/1]q
# Basic ACL 2000 translates everything leaving the LAN; it is replaced further down, because traffic bound for the IPsec tunnel must not be NATed
[R1]acl 3000
[R1-acl-adv-3000]rule 10 permit ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
[R1-acl-adv-3000]q
# Advanced ACL 3000 defines the interesting traffic that IPsec protects: PC1's LAN to PC2's LAN
[R1]ipsec proposal 1
# Create an IPsec proposal named 1
[R1-ipsec-proposal-1]esp authentication-algorithm md5
# ESP authentication algorithm: MD5 (the lab's choice; MD5 is deprecated for this purpose, use sha2-256 outside a lab)
[R1-ipsec-proposal-1]esp encryption-algorithm des
# ESP encryption algorithm: DES (the lab's choice; 56-bit DES is brute-forceable, use aes-256 outside a lab)
[R1-ipsec-proposal-1]q
[R1]display ipsec proposal
# Check that the proposal exists with the expected algorithms
[R1]ipsec policy 1 10 manual
# Manual-keyed policy: SPIs and keys are typed in by hand on both routers, so there is no IKE negotiation and no automatic rekeying
[R1-ipsec-policy-manual-1-10]security acl 3000
[R1-ipsec-policy-manual-1-10]proposal 1
[R1-ipsec-policy-manual-1-10]tunnel local 100.1.1.1
[R1-ipsec-policy-manual-1-10]tunnel remote 200.1.1.1
# tunnel local must be R1's own WAN address (100.1.1.1) and tunnel remote R2's (200.1.1.1); with the two swapped the SA is never used
[R1-ipsec-policy-manual-1-10]sa spi inbound esp 12345
[R1-ipsec-policy-manual-1-10]sa string-key inbound esp cipher 123
[R1-ipsec-policy-manual-1-10]sa spi outbound esp 54321
[R1-ipsec-policy-manual-1-10]sa string-key outbound esp cipher 123
# R1's inbound SPI and key must equal R2's outbound SPI and key, and R1's outbound must equal R2's inbound; "123" is a lab-only key
[R1-ipsec-policy-manual-1-10]q
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ipsec policy 1
# Apply IPsec policy 1 to the WAN interface
[R1-GigabitEthernet0/0/1]undo nat outbound 2000
[R1-GigabitEthernet0/0/1]q
[R1]undo acl 2000
[R1]acl 3001
[R1-acl-adv-3001]rule 10 deny ip source 192.168.10.0 0.0.0.255 destination 192.168.20.0 0.0.0.255
[R1-acl-adv-3001]rule 20 permit ip
[R1-acl-adv-3001]q
# NAT runs before IPsec on the outbound path, so ACL 3001 excludes LAN-to-LAN traffic from translation (otherwise its source would become 100.1.1.1 and never match ACL 3000) while everything else is still NATed; on R1 the deny rule is source 192.168.10.0 destination 192.168.20.0
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]nat outbound 3001
[R1-GigabitEthernet0/0/1]q
(2) Configure router R2
[Huawei]sy R2
[R2]un in en
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 192.168.20.254 24
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 200.1.1.1 30
[R2-GigabitEthernet0/0/1]q
[R2]ip route-static 0.0.0.0 0 200.1.1.2
# Default static route pointing at the ISP
[R2]acl 2000
[R2-acl-basic-2000]rule 10 permit source 192.168.20.0 0.0.0.255
[R2-acl-basic-2000]int g0/0/1
[R2-GigabitEthernet0/0/1]nat outbound 2000
[R2-GigabitEthernet0/0/1]q
[R2]acl 3000
[R2-acl-adv-3000]rule 10 permit ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
[R2-acl-adv-3000]q
# Advanced ACL 3000: the mirror image of R1's, PC2's LAN to PC1's LAN
[R2]ipsec proposal 1
# Create an IPsec proposal named 1; the algorithms must match R1's
[R2-ipsec-proposal-1]esp authentication-algorithm md5
# ESP authentication algorithm: MD5 (lab-only choice, see the note on R1)
[R2-ipsec-proposal-1]esp encryption-algorithm des
# ESP encryption algorithm: DES (lab-only choice, see the note on R1)
[R2-ipsec-proposal-1]q
[R2]ipsec policy 1 10 manual
[R2-ipsec-policy-manual-1-10]security acl 3000
[R2-ipsec-policy-manual-1-10]proposal 1
[R2-ipsec-policy-manual-1-10]tunnel local 200.1.1.1
[R2-ipsec-policy-manual-1-10]tunnel remote 100.1.1.1
[R2-ipsec-policy-manual-1-10]sa spi inbound esp 54321
[R2-ipsec-policy-manual-1-10]sa string-key inbound esp cipher 123
[R2-ipsec-policy-manual-1-10]sa spi outbound esp 12345
[R2-ipsec-policy-manual-1-10]sa string-key outbound esp cipher 123
# The SPIs cross over: R2's inbound SPI (54321) is R1's outbound, and R2's outbound SPI (12345) is R1's inbound; the same applies to the keys
[R2-ipsec-policy-manual-1-10]q
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]ipsec policy 1
# Apply IPsec policy 1 to the WAN interface
[R2-GigabitEthernet0/0/1]undo nat outbound 2000
[R2-GigabitEthernet0/0/1]q
[R2]undo acl 2000
[R2]acl 3001
[R2-acl-adv-3001]rule 10 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
[R2-acl-adv-3001]rule 20 permit ip
[R2-acl-adv-3001]q
# As on R1: keep LAN-to-LAN traffic out of NAT so it still matches ACL 3000 when IPsec processes it
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]nat outbound 3001
[R2-GigabitEthernet0/0/1]q
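A manual-keyed policy gives you no negotiation to tell you when the two ends disagree: a swapped tunnel endpoint or a non-crossing SPI simply results in ESP packets that are silently dropped. The script below is an added example written for this article, not part of the original post and not a Huawei tool. It parses the two policy blocks as plain text (CLI prompts stripped, the way they are typed in or appear in display current-configuration), checks that endpoints, SPIs and keys mirror each other, and flags the weak algorithms the lab uses. The sample input is constructed from the configuration above; R1_AS_POSTED reproduces a broken variant (R1's endpoints copied from R2 and SPIs that do not cross over) and the *_FIXED variants the corrected one. Note that a running configuration shows string-keys in encrypted form, so the key comparison only works on the plaintext you typed.

```python
import re

# Constructed sample input (not captured from real devices): the manual-mode
# proposal and policy of each router with the CLI prompts stripped.
R1_AS_POSTED = """
ipsec proposal 1
 esp authentication-algorithm md5
 esp encryption-algorithm des
ipsec policy 1 10 manual
 security acl 3000
 proposal 1
 tunnel local 200.1.1.1
 tunnel remote 100.1.1.1
 sa spi inbound esp 12345
 sa string-key inbound esp cipher 123
 sa spi outbound esp 54321
 sa string-key outbound esp cipher 123
"""
R2_AS_POSTED = """
ipsec proposal 1
 esp authentication-algorithm md5
 esp encryption-algorithm des
ipsec policy 1 10 manual
 security acl 3000
 proposal 1
 tunnel local 200.1.1.1
 tunnel remote 100.1.1.1
 sa spi inbound esp 12345
 sa string-key inbound esp cipher 123
 sa spi outbound esp 54321
 sa string-key outbound esp cipher 123
"""
# Corrected pair: R1 uses its own WAN address as local, and R2's SPIs cross over.
R1_FIXED = (R1_AS_POSTED
            .replace("tunnel local 200.1.1.1", "tunnel local 100.1.1.1")
            .replace("tunnel remote 100.1.1.1", "tunnel remote 200.1.1.1"))
R2_FIXED = (R2_AS_POSTED
            .replace("sa spi inbound esp 12345", "sa spi inbound esp 54321")
            .replace("sa spi outbound esp 54321", "sa spi outbound esp 12345"))

# The fields of a manual SA that have to agree between the two peers.
FIELDS = {
    "auth":    r"esp authentication-algorithm (\S+)",
    "enc":     r"esp encryption-algorithm (\S+)",
    "local":   r"tunnel local (\S+)",
    "remote":  r"tunnel remote (\S+)",
    "spi_in":  r"sa spi inbound esp (\d+)",
    "spi_out": r"sa spi outbound esp (\d+)",
    "key_in":  r"sa string-key inbound esp cipher (\S+)",
    "key_out": r"sa string-key outbound esp cipher (\S+)",
}
WEAK_AUTH = {"md5", "sha1"}
WEAK_ENC = {"des", "3des"}


def parse_manual_policy(text):
    """Extract the SA fields from one router's policy text; raise if one is missing."""
    cfg = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"field not found: {name}")
        cfg[name] = m.group(1)
    return cfg


def audit_pair(a_text, b_text, a="R1", b="R2"):
    """Return a list of findings for two manual-mode peers (empty means consistent and strong)."""
    pa, pb = parse_manual_policy(a_text), parse_manual_policy(b_text)
    findings = []
    # Each side's local endpoint must be the other side's remote endpoint.
    if pa["local"] != pb["remote"] or pb["local"] != pa["remote"]:
        findings.append("tunnel endpoints are not mirrored")
    # Outbound SPI/key on one side is the inbound SPI/key on the other.
    if pa["spi_out"] != pb["spi_in"]:
        findings.append(f"{a} outbound SPI {pa['spi_out']} != {b} inbound SPI {pb['spi_in']}")
    if pb["spi_out"] != pa["spi_in"]:
        findings.append(f"{b} outbound SPI {pb['spi_out']} != {a} inbound SPI {pa['spi_in']}")
    if pa["key_out"] != pb["key_in"] or pb["key_out"] != pa["key_in"]:
        findings.append("ESP keys differ across the two directions")
    if (pa["auth"], pa["enc"]) != (pb["auth"], pb["enc"]):
        findings.append("proposal algorithms differ between peers")
    # Strength warnings: these do not stop the tunnel but should not ship.
    for side, p in ((a, pa), (b, pb)):
        if p["auth"] in WEAK_AUTH:
            findings.append(f"{side}: weak ESP authentication algorithm {p['auth']}")
        if p["enc"] in WEAK_ENC:
            findings.append(f"{side}: weak ESP encryption algorithm {p['enc']}")
    return findings


def blocking_findings(findings):
    """Keep only the mismatches that prevent the SA from carrying traffic."""
    return [f for f in findings if "weak ESP" not in f]


if __name__ == "__main__":
    for label, pair in (("as posted", (R1_AS_POSTED, R2_AS_POSTED)),
                        ("fixed", (R1_FIXED, R2_FIXED))):
        print(f"--- {label}")
        for finding in audit_pair(*pair):
            print("  ", finding)
```

Run it before pinging: the "as posted" pair reports the non-mirrored endpoints and both SPI mismatches, while the "fixed" pair reports only the four algorithm-strength warnings, which is the state the lab leaves you in.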
(3) Configure the ISP router
[Huawei]sy ISP
[ISP]un in en
[ISP]int g0/0/0
[ISP-GigabitEthernet0/0/0]ip add 100.1.1.2 30
[ISP-GigabitEthernet0/0/0]int g0/0/1
[ISP-GigabitEthernet0/0/1]ip add 200.1.1.2 30
[ISP-GigabitEthernet0/0/1]q
[ISP]interface LoopBack 0
[ISP-LoopBack0]ip add 2.2.2.2 32
# The loopback stands in for a host on the Internet. The ISP has no routes to 192.168.10.0/24 or 192.168.20.0/24 and needs none: it only forwards ESP packets between the two directly connected public addresses, 100.1.1.1 and 200.1.1.1
(4) Verification
Ping PC2 from PC1; the ping succeeds.
Capture on the R1-ISP link: packets between 100.1.1.1 and 200.1.1.1 are ESP (IP protocol 50) and the ICMP payload is no longer readable, whereas a capture on the PC1-R1 LAN segment still shows plain ICMP, which is the traffic before encapsulation.
On either router, display ipsec sa lists the manual SAs with the configured SPIs, and display ipsec statistics esp shows the encrypted and decrypted packet counters increasing with every ping; if the ping fails with the SAs present, re-check that the tunnel endpoints, SPIs and keys mirror each other between R1 and R2.
Connectivity is established and the capture shows the traffic is encrypted, so the lab is successful.