手工方式建立IPsec安全隧道

R1]dis curr

dis curr

#

 sysname R1

acl number 3000

 rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255

ipsec proposal h3c

 esp authentication-algorithm sha1

 esp encryption-algorithm 3des

ipsec policy hehe 10 manual

 security acl 3000

 proposal h3c

 tunnel local 2.2.2.1

 tunnel remote 2.2.3.1

 sa spi inbound esp 123456

 sa string-key inbound esp abc

 sa spi outbound esp 123456

 sa string-key outbound esp abc

interface Ethernet0/0/0

 ip address 10.1.1.1 255.255.255.0

  ---- More ----

interface Serial0/0/0                    

 link-protocol ppp                       

 ip address 2.2.2.1 255.255.255.0        

 ipsec policy hehe                       

#                                        

interface NULL0                          

aaa                                      

 authentication-scheme default           

 #                                       

 authorization-scheme default            

 accounting-scheme default               

 domain default                          

ospf 1                                   

 area 0.0.0.0                            

  network 2.2.2.0 0.0.0.255              

  ---- More ----

 ip route-static 10.1.2.0 255.255.255.0 2.2.2.2

user-interface con 0

user-interface vty 0 4

user-interface vty 16 20

return

[R1]

<R2>sys

sys

Enter system view, return user view with Ctrl+Z.

[R2]dis curr

 sysname R2

interface Serial0/0/0

 link-protocol ppp

 ip address 2.2.2.2 255.255.255.0

interface Serial0/0/1

 ip address 2.2.3.2 255.255.255.0

interface NULL0

aaa

 authentication-scheme default

 #

 authorization-scheme default

 accounting-scheme default

 domain default

  network 2.2.3.0 0.0.0.255              

user-interface con 0                     

user-interface vty 0 4                   

user-interface vty 16 20                 

return