H3C设备IPSEC配置问题
在两个AS的路由器,想做greoveripsec,可是ike的安全联盟怎么也建立不起来。。。详细配置如下:[R2]discu#sysnameR2#routerid3.3....
在两个AS的路由器,想做gre over ipsec,可是ike的安全联盟怎么也建立不起来。。。
详细配置如下:
[R2]dis cu
#
sysname R2
#
router id 3.3.3.3
#
ike proposal 1
#
ike peer r2_ike
pre-shared-key ray
remote-address 1.1.2.2
#
ipsec proposal r2_pro
#
ipsec policy r2_pol 1 isakmp
security acl 3000
ike-peer r2_ike
proposal r2_pro
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address 2.1.1.2 255.255.255.252
ipsec policy r2_pol
#
interface Serial2/0
clock DTECLK1
link-protocol ppp
#
interface Tunnel0
ip address 4.1.1.1 255.255.255.252
source 2.1.1.2
destination 1.1.2.2
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.0.0.0
#
acl number 3000
rule 0 permit gre source 4.1.1.1 0 destination 4.1.1.2 0
#
bgp 100
import-route ospf 1
undo synchronization
group waibu external
peer 2.1.1.1 group waibu as-number 200
peer 1.1.2.2 group waibu as-number 200
#
ospf 1
area 0.0.0.0
network 3.0.0.0 0.0.0.255
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
[R3]display current-configuration
#
sysname R3
#
router id 2.2.2.2
#
ike peer r3_ike
pre-shared-key ray
remote-address 2.1.1.2
#
ipsec proposal r3_pro
#
ipsec policy r3_pol 1 isakmp
security acl 3000
ike-peer r3_ike
proposal r3_pro
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
ip address 1.1.2.2 255.255.255.252
ipsec policy r3_pol
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
#
interface Serial2/0
clock DTECLK1
link-protocol ppp
#
interface Tunnel0
ip address 4.1.1.2 255.255.255.252
source 1.1.2.2
destination 2.1.1.2
#
interface NULL0
#
acl number 3000
rule 0 permit gre source 4.1.1.2 0 destination 4.1.1.1 0
#
bgp 200
undo synchronization
group waibu external
peer 2.1.1.2 group waibu as-number 100
group neibu internal
peer 1.1.1.1 group neibu
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.3
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
请问问题出在哪了??死活搞不明白。。。。 展开
详细配置如下:
[R2]dis cu
#
sysname R2
#
router id 3.3.3.3
#
ike proposal 1
#
ike peer r2_ike
pre-shared-key ray
remote-address 1.1.2.2
#
ipsec proposal r2_pro
#
ipsec policy r2_pol 1 isakmp
security acl 3000
ike-peer r2_ike
proposal r2_pro
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address 2.1.1.2 255.255.255.252
ipsec policy r2_pol
#
interface Serial2/0
clock DTECLK1
link-protocol ppp
#
interface Tunnel0
ip address 4.1.1.1 255.255.255.252
source 2.1.1.2
destination 1.1.2.2
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.0.0.0
#
acl number 3000
rule 0 permit gre source 4.1.1.1 0 destination 4.1.1.2 0
#
bgp 100
import-route ospf 1
undo synchronization
group waibu external
peer 2.1.1.1 group waibu as-number 200
peer 1.1.2.2 group waibu as-number 200
#
ospf 1
area 0.0.0.0
network 3.0.0.0 0.0.0.255
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
[R3]display current-configuration
#
sysname R3
#
router id 2.2.2.2
#
ike peer r3_ike
pre-shared-key ray
remote-address 2.1.1.2
#
ipsec proposal r3_pro
#
ipsec policy r3_pol 1 isakmp
security acl 3000
ike-peer r3_ike
proposal r3_pro
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
ip address 1.1.2.2 255.255.255.252
ipsec policy r3_pol
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
#
interface Serial2/0
clock DTECLK1
link-protocol ppp
#
interface Tunnel0
ip address 4.1.1.2 255.255.255.252
source 1.1.2.2
destination 2.1.1.2
#
interface NULL0
#
acl number 3000
rule 0 permit gre source 4.1.1.2 0 destination 4.1.1.1 0
#
bgp 200
undo synchronization
group waibu external
peer 2.1.1.2 group waibu as-number 100
group neibu internal
peer 1.1.1.1 group neibu
#
ospf 1
area 0.0.0.0
network 1.1.2.0 0.0.0.3
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
请问问题出在哪了??死活搞不明白。。。。 展开
2个回答
展开全部
R3的IKE 提议没有添加
ike proposal 1
ike proposal 1
本回答被提问者采纳
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
展开全部
九@州动态IP地址切换器,是用于在不同网络环境下快速切换IP地址等网络配置的软件工具。
1、给客户提供换ip功能,包含静态线路和动态线路选择
2、提供全国20多个省160多个城市千万ip地址随意选择
3、提供静态ip.动态ip地址供客户长期使用
多IP地区
已赞过
已踩过<
评论
收起
你对这个回答的评价是?
推荐律师服务:
若未解决您的问题,请您详细描述您的问题,通过百度律临进行免费专业咨询
