使用IPSec虛拟隧道接口建立IPSec安全隧道

實驗TOP：

RT1的配置：

==================================

<H3C>sy

[H3C]int g0/1/0

[H3C-GigabitEthernet0/1/0]ip add 192.168.1.2 255.255.255.0

[H3C-GigabitEthernet0/1/0]un shut

[H3C-GigabitEthernet0/1/0]quit

[H3C]int g0/1/1

[H3C-GigabitEthernet0/1/1]ip add 192.168.2.1 255.255.255.0

[H3C-GigabitEthernet0/1/1]un shut

[H3C-GigabitEthernet0/1/1]quit

[H3C]ike local-name rt1

[H3C]ip route-static 0.0.0.0 0.0.0.0 192.168.2.2

[H3C]ike peer peer1

[H3C-ike-peer-peer1]pre-shared-key simple abcde

[H3C-ike-peer-peer1]id-type name

[H3C-ike-peer-peer1]remote-name rt2

[H3C-ike-peer-peer1]quit

[H3C]ipsec proposal kalng

[H3C-ipsec-proposal-kalng]encapsulation-mode tunnel

[H3C-ipsec-proposal-kalng]transform esp

[H3C-ipsec-proposal-kalng]esp encryption-algorithm des

[H3C-ipsec-proposal-kalng]esp authentication-algorithm md5

[H3C-ipsec-proposal-kalng]quit

[H3C]ipsec profile abc                               （安全架構）

[H3C-ipsec-profile-abc]ike-peer peer1

[H3C-ipsec-profile-abc]proposal kalng

[H3C-ipsec-profile-abc]quit

[H3C]int Tunnel 1                                             （虛拟接口）

[H3C-Tunnel1]ip address 172.16.1.1 255.255.255.0

[H3C-Tunnel1]tunnel-protocol ipsec ipv4    

[H3C-Tunnel1]source g0/1/1                     

[H3C-Tunnel1]destination 192.168.3.2

[H3C-Tunnel1]ipsec profile abc

[H3C]