remote-address 1.1.3.1 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 4.5、配置ipsec策略组(f1包含两个安全策略,f2f3各一个) //f1 ipsec policy map1 9 isakmp security acl 3001 ike-peer c proposal tran1 ipsec policy map1 10 isakmp security acl 3000 ike-peer b proposal tra...
# sysname RouterA # acl number 3101 rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255 # ipsec proposal tran1 esp authentication-algorithm sha2-256 esp encryption-algorithm aes-128 # ipsec policy map1 10 manual security acl 3101 proposal tran1 tunnel local 1.1.1.1 tu...
//创建一条手工方式的IPsec安全策略,名称为map2,序列号为10 ipsec policy map2 10 manual //指定引用的IPsec安全提议为tran1 transform-set tran1 //指定引用ACL 3401 security acl 3401 //指定IPsec隧道对端IP地址为13.1.1.3 remote-address 13.1.1.3 //配置ESP协议的出方向SPI为12345,入方向SPI为54321。SA由...
[SwitchA-ipsec-policy-manual-map1-10] transform-set tran1 # 指定IPsec隧道对端IP地址为2.2.3.1。 [SwitchA-ipsec-policy-manual-map1-10] remote-address 2.2.3.1 # 配置ESP协议的出方向SPI为12345,入方向SPI为54321。 [SwitchA-ipsec-policy-manual-map1-10] sa spi outbound esp 12345 [SwitchA-ipse...
[RouterA-ipsec-policy-manual-map1-10] transform-set tran1 # 指定IPsec隧道对端IP地址为2.2.3.1。 [RouterA-ipsec-policy-manual-map1-10] remote-address 2.2.3.1 # 配置ESP协议的出方向SPI为12345,入方向SPI为54321。 [RouterA-ipsec-policy-manual-map1-10] sa spi outbound esp 12345 [RouterA-ipse...
[RouterA] ipsec policy map1 10 manual [RouterA-ipsec-policy-manual-map1-10] security acl 3101 [RouterA-ipsec-policy-manual-map1-10] proposal tran1 [RouterA-ipsec-policy-manual-map1-10] tunnel remote 2.1.1.1 [RouterA-ipsec-policy-manual-map1-10] tunnel local 1.1.1.1 [...
SITE-A-ROUTER(config)#crypto isakmp enable 代码语言:javascript 代码运行次数:0 运行 AI代码解释 SITE-B-ROUTER(config)#crypto isakmp enable 配置加密 ISAKMP 策略 代码语言:javascript 代码运行次数:0 运行 AI代码解释 SITE-A-ROUTER(config)#crypto isakmp policy20SITE-A-ROUTER(...
crypto map secure_b Router B crypto isakmp policy 10 encr aes authentication pre-share group 2 ! ip access-list extended crypto-ACL permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 ! crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0 ...
IPsec policy command. The boot scripts use ipsecconf to read the /etc/inet/ipsecinit.conf file and activate IPsec. Useful for viewing and modifying current IPsec policy, and for testing. PF_KEY socket interface Interface for security association database. Handles manual and automatic key managem...
crypto map MAP 10 set peer 10.0.0.2 crypto map MAP 10 set transform-set TRANSFORM crypto map MAP 10 set reverse-route crypto map MAP interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des ...