Shulou(Shulou.com)06/01 Report--

Objective: to establish ipsec tunnel between 100.1.1.1 and 200.1.1.2.

Two: configure basic commands

1 configure acl:

[MSR_1] acl advanced 3000

[MSR_1-acl-ipv4-adv-3000] rule permit ip source 192.168.0.1 0 destination 10.0.0.1 0

2 create an IPsec security proposal

[MSR_1] ipsec transform-set tran

[MSR_1-ipsec-transform-set-tran] encapsulation-mode tunnel

[MSR_1-ipsec-transform-set-tran] protocol esp

[MSR_1-ipsec-transform-set-tran] esp encryption-algorithm aes-cbc-128

[MSR_1-ipsec-transform-set-tran] esp authentication-algorithm sha1

3 create IKE keychain

[MSR_1] ike keychain test

[MSR_1-ike-keychain-test] pre-shared-key address 200.1.1.2 255.255.255.0 key simple 123456

4 create an IKE proposal

[MSR_1] ike proposal 100

[MSR_1-ike-proposal-100] encryption-algorithm 3des-cbc

[MSR_1-ike-proposal-100] authentication-method pre-share

[MSR_1-ike-proposal-100] authentication-algorithm md5

[MSR_1-ike-proposal-100] dh group1

5 create IKE profile

[MSR_1] ike profile profile1

[MSR_1-ike-profile-profile1] keychain test

[MSR_1-ike-profile-profile1] local-identity address 100.1.1.1

[MSR_1-ike-profile-profile1] match remote identity address 200.1.1.2 255.255.255.0

[MSR_1-ike-profile-profile1] proposal 100

6 create an IPsec security policy based on IKE negotiation

[MSR_1] ipsec policy test 10 isakmp

[MSR_1-ipsec-policy-isakmp-test-10] remote-address 200.1.1.2

[MSR_1-ipsec-policy-isakmp-test-10] security acl 3000

[MSR_1-ipsec-policy-isakmp-test-10] transform-set tran

[MSR_1-ipsec-policy-isakmp-test-10] ike-profile profile1

7 Interface applications:

[MSR_1] int g0/0

[MSR_1-GigabitEthernet0/0] ipsec apply policy test

You can configure the image of the other device.

Three: grab the bag:

Esp packet:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.