dis
# Verification commands, run once both tunnel endpoints are configured.
display ipsec sa # show the IPsec security associations (tunnel status check)
display ike proposal # show the configured IKE proposals
AR2
# AR2 base configuration: interface addressing, OSPF and a static default route.
sys
sys AR2 # presumably the abbreviated sysname command (names the device AR2) - confirm
inter g0/0/0
ip add 39.39.0.2 30
undo shut
inter g0/0/1
ip add 39.39.0.5 30
undo shut
quit
inter loopback 0
ip add 2.2.2.2 32
quit
# OSPF process 1: only 39.39.0.0/30 (the g0/0/0 link) is advertised in area 0.
# NOTE(review): no OSPF authentication appears in these lines, so adjacencies formed on
# that link are unauthenticated; add area or interface authentication outside a lab.
ospf 1
default-route-advertise always # originate a default route into OSPF unconditionally
area 0
network 39.39.0.0 0.0.0.3
quit
quit
# Static default route; the next hop 39.39.0.6 sits on the g0/0/1 subnet (39.39.0.4/30).
ip route-static 0.0.0.0 0 39.39.0.6
# ACL 3000 selects the "interesting" traffic that the IPsec policy will protect.
# Traffic that does not match the rule is not handed to IPsec and is forwarded unprotected,
# so keep the rule as specific as the two protected subnets.
acl number 3000 # traffic matching for IPsec
rule 5 permit ip source 192.168.39.0 0.0.0.255 destination 172.16.39.0 0.0.0.255 # 192.168.39.0/24 -> 172.16.39.0/24
quit
# IKE (phase 1) proposal and peer definition.
# NOTE(review): 3DES and MD5 are legacy algorithms and should be treated as lab-only values.
# For anything beyond a lab, pick the AES and SHA-2 options offered by the VRP release in use,
# and change both tunnel endpoints together, because the proposals must match to negotiate.
ike proposal 1 # define the IKE proposal parameters
encryption-algorithm 3des-cbc # IKE encryption algorithm (3DES: legacy, 64-bit block cipher)
authentication-algorithm md5 # IKE hash algorithm (MD5: broken for collision resistance, deprecated)
quit
# NOTE(review): the pre-shared key below is a short numeric string that is trivially guessable.
# With pre-shared-key authentication the key is the only secret protecting peer authentication,
# so use a long random value in real deployments and never reuse the one published here.
# The 'cipher' keyword only affects how the key is stored/displayed in the configuration,
# not its strength - confirm against the VRP command reference.
ike peer r2tor4 v1 # create IKE peer r2tor4 using IKEv1; the author notes v2 is used between different vendors
pre-shared-key cipher 123321 # pre-shared key used for IKE negotiation (lab value only)
ike-proposal 1 # reference IKE proposal 1
remote-address 39.39.0.9 # public IP address of the remote VPN endpoint
quit
# IPsec (phase 2) proposal, policy, and binding of the policy to the outbound interface.
# NOTE(review): AH authenticates packets but does not encrypt them, so traffic between
# 192.168.39.0/24 and 172.16.39.0/24 crosses the public link in cleartext with this proposal.
# AH also does not work through NAT. Use 'transform esp' with an encryption algorithm when
# confidentiality is required. No AH authentication algorithm is set here, so the platform
# default applies - check it with 'display ipsec proposal'.
ipsec proposal 1 # create the IPsec proposal
transform ah # security protocol AH: integrity and origin authentication only, no encryption
quit
ipsec policy swl 10 isakmp # create policy named swl, sequence number 10; isakmp = SAs are negotiated through IKE
security acl 3000 # protect the traffic matched by ACL 3000
ike-peer r2tor4 # reference IKE peer r2tor4
proposal 1 # reference IPsec proposal 1
quit
inter g0/0/1
ipsec policy swl # apply the IPsec policy to the interface
quit