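The inner IP and MAC addresses are encapsulated, and the VTEP's IP and MAC addresses are added on the outside. After the packet reaches the other end, the outer layer is removed and the packet is delivered to the peer VM. Finally, in the next section we look at IPSec tunnels.
This is the IPSec Virtual Tunnel Interface (VTI, virtual tunnel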
When establishing an IPSec tunnel on a tunnel interface, you must set tunnel-protocol to IPSec. By default, Huawei firewalls do not support weak security algorithms such as MD5, SHA1, DES, 3DES, DH-GROUP1, DH-GROUP2, and DH-GROUP5. To ...
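For the responder, a trustpoint must be configured in the tunnel-group command. For IKEv2, the trustpoint used for authentication must be configured under the tunnel-group command on both the initiator and the responder. Procedure: Add an IKEv1 transform set or an IKEv2 IPsec proposal to establish the security association. To add an IKEv1 transform set, use the following command: crypto ipsec ikev1 transform-set{transform-set-name|enc...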
IPSec proposal: Encapsulation mode: Tunnel mode, Tunnel mode; Security protocol: ESP, ESP; ESP authentication algorithm: SHA2-256, SHA2-256; ESP encryption algorithm: AES-128, AES-128; DH Group: GROUP2, GROUP2. IKE peer: Negotiation mode: Main...
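tunnel interface: pppoe-dsl, pppoa-dsl, tun0, vpn1. These are used to send packets through tunneling protocols such as GRE, IPsec, PPPoE and so on. special purpose: imq0, teql3. These are used to change the priority order of packets leaving or entering the device, which is what we often use in QoS. wireless operating mode virtual interfaces: wlan0, wlan0_1, ath3, ath_monitor.. ...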
IPSec Virtual Tunnel Interface Configuration Guide Cisco IOS Easy VPN
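If you bring up the VPN using TUNNEL, it should work regardless of which carrier you use. If you go over IPSEC, however, contact the carrier, because the carrier needs to support you running IPSEC. In addition, if there is NAT between the local VPN device and the peer, it is recommended to change the NAT to static NAT: dynamic NAT changes ports, and once the port changes the VPN cannot pair.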