H3C配置IPSEC ×××

H3C配置IPSEC ×××思路跟思科差不多，无非就是命令不一样的，下面就演示一下

拓扑：

RT1背后有个1.1.1.1网段，RT3背后有个3.3.3.3网段，ISP没有这两条路由

RT2:

<RT2>system-view

System View: return to User View with Ctrl Z.

[RT2]int g0/0/0

[RT2-GigabitEthernet0/0/0]ip add 12.1.1.2 24

[RT2-GigabitEthernet0/0/0]quit

[RT2]int g0/0/1

[RT2-GigabitEthernet0/0/1]ip add 23.1.1.2 24

[RT2-GigabitEthernet0/0/1]quit

RT1:

acl number 3000

rule 0 permit ip source 1.1.1.0 0.0.0.255 destination 3.3.3.0 0.0.0.255

ike proposal 1

encryption-algorithm 3des-cbc

authentication-algorithm md5

authentication-metod pre-share

dh group2

ike peer cisco

id-type ip

pre-shared-key simple cisco

remote-address 23.1.1.3

local-address 12.1.1.1

#

ipsec proposal cisco

transform esp

esp authentication-algorithm md5

esp encryption-algorithm 3des

ipsec policy cisco 10 isakmp

security acl 3000

ike-peer cisco

proposal cisco

int g0/0/0

ipsec policy cisco

ip route-static 0.0.0.0 0.0.0.0 12.1.1.2

RT3:

acl number 3000

rule 0 permit ip source 3.3.3.0 0.0.0.255 destination 1.1.1.0 0.0.0.255

ike proposal 1

encryption-algorithm 3des-cbc

authentication-algorithm md5

authentication-metod pre-share

dh group2

ike peer cisco

id-type ip

pre-shared-key simple cisco

remote-address 12.1.1.1

local-address 23.1.1.3

#

ipsec proposal cisco

transform esp

esp authentication-algorithm md5

esp encryption-algorithm 3des

ipsec policy cisco 10 isakmp

security acl 3000

ike-peer cisco

proposal cisco

int g0/0/1

ipsec policy cisco

ip route-static 0.0.0.0 0.0.0.0 23.1.1.2

效果：