ipsec ikev2中转

bestproxy 代理百科

changxing站点与chengdu和aliyun分别建立vpn隧道使得vpc 和vpc6通信

changxing站点配置

Router#sh run

Building configuration...

Current configuration : 2715 bytes

!

! Last configuration change at 14:41:58 EET Mon Aug 2 2021

!

version 15.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

clock timezone EET 2 0

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

!

!

!

!

!

!

!

!

!

!

!

!

no ip domain lookup

ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

redundancy

!

!

!

!

crypto ikev2 proposal qyt-proposal

encryption 3des aes-cbc-256

integrity sha256 sha512

group 2 5 14

!

crypto ikev2 policy qyt-policy

proposal qyt-proposal

!

crypto ikev2 keyring qyt-key

peer chengdu

address 172.16.12.1

pre-shared-key cisco

!

!

crypto ikev2 keyring qyt-key2

peer aliyun

address 172.16.45.5

pre-shared-key cisco

!

!

!

crypto ikev2 profile qyt-profile

match identity remote address 172.16.12.1 255.255.255.255

identity local address 172.16.23.3

authentication remote pre-share

authentication local pre-share

keyring local qyt-key

!

crypto ikev2 profile qyt-profile2

match identity remote address 172.16.45.5 255.255.255.255

identity local address 172.16.34.3

authentication remote pre-share

authentication local pre-share

keyring local qyt-key2

!

!

!

crypto ipsec transform-set qyt-trans1 esp-des esp-md5-hmac

mode tunnel

crypto ipsec transform-set qyt-trans2 esp-3des esp-sha256-hmac

mode tunnel

!

!

!

crypto map qyt-map 10 ipsec-isakmp

set peer 172.16.12.1

set transform-set qyt-trans1 qyt-trans2

set ikev2-profile qyt-profile

match address vpn

!

crypto map qyt-map2 10 ipsec-isakmp

set peer 172.16.45.5

set transform-set qyt-trans1 qyt-trans2

set ikev2-profile qyt-profile2

match address vpn1

!

!

!

!

!

interface Ethernet0/0

ip address 192.168.2.254 255.255.255.0

!

interface Ethernet0/1

ip address 172.16.34.3 255.255.255.0

crypto map qyt-map2

!

interface Ethernet0/2

ip address 172.16.23.3 255.255.255.0

crypto map qyt-map

!

interface Ethernet0/3

no ip address

shutdown

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

ip route 172.16.12.0 255.255.255.0 172.16.23.2

ip route 172.16.45.0 255.255.255.0 172.16.34.4

ip route 192.168.1.0 255.255.255.0 172.16.23.2

ip route 192.168.3.0 255.255.255.0 172.16.34.4

!

ip access-list extended vpn

permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

ip access-list extended vpn1

permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

transport input none

!

!

end

Router#sh cryp

Router#sh crypto ike

Router#sh crypto ikev2 sa

IPv4 Crypto IKEv2SA

Tunnel-id Local Remotefvrf/ivrfStatus

2 172.16.23.3/500 172.16.12.1/500 none/noneREADY

Encr: 3DES, PRF: SHA256, Hash: SHA256, DH Grp:2, Auth sign: PSK, Auth verify: PSK

Life/Active Time: 86400/286 sec

Tunnel-id Local Remotefvrf/ivrfStatus

1 172.16.34.3/500 172.16.45.5/500 none/noneREADY

Encr: 3DES, PRF: SHA256, Hash: SHA256, DH Grp:2, Auth sign: PSK, Auth verify: PSK

Life/Active Time: 86400/288 sec

IPv6 Crypto IKEv2SA

Router#sh crypto ikev2 se

Router#sh crypto ikev2 session

IPv4 Crypto IKEv2 Session

Session-id:8, Status:UP-ACTIVE, IKE count:1, CHILD count:1

Tunnel-id Local Remotefvrf/ivrfStatus

2 172.16.23.3/500 172.16.12.1/500 none/noneREADY

Encr: 3DES, PRF: SHA256, Hash: SHA256, DH Grp:2, Auth sign: PSK, Auth verify: PSK

Life/Active Time: 86400/288 sec

Child sa: local selector192.168.3.0/0 - 192.168.3.255/65535

remote selector 192.168.1.0/0 - 192.168.1.255/65535

ESP spi in/out: 0x7E9D92B9/0x7A5920C7

Session-id:7, Status:UP-ACTIVE, IKE count:1, CHILD count:1

Tunnel-id Local Remotefvrf/ivrfStatus

1 172.16.34.3/500 172.16.45.5/500 none/noneREADY

Encr: 3DES, PRF: SHA256, Hash: SHA256, DH Grp:2, Auth sign: PSK, Auth verify: PSK

Life/Active Time: 86400/290 sec

Child sa: local selector192.168.1.0/0 - 192.168.1.255/65535

remote selector 192.168.3.0/0 - 192.168.3.255/65535

ESP spi in/out: 0x2F6FF4AC/0xB13E5C6D

IPv6 Crypto IKEv2 Session

Router#

Router con0 is now available

Press RETURN to get started.

Router>

Router>

Router>

Router>

Router>

Router>en

Router#

Router#sh run

Building configuration...

Current configuration : 2715 bytes

!

! Last configuration change at 14:41:58 EET Mon Aug 2 2021

!

version 15.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

clock timezone EET 2 0

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

!

!

!

!

!

!

!

!

!

!

!

!

no ip domain lookup

ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

redundancy

!

!

!

!

crypto ikev2 proposal qyt-proposal

encryption 3des aes-cbc-256

integrity sha256 sha512

group 2 5 14

!

crypto ikev2 policy qyt-policy

proposal qyt-proposal

!

crypto ikev2 keyring qyt-key

peer chengdu

address 172.16.12.1

pre-shared-key cisco

!

!

crypto ikev2 keyring qyt-key2

peer aliyun

address 172.16.45.5

pre-shared-key cisco

!

!

!

crypto ikev2 profile qyt-profile

match identity remote address 172.16.12.1 255.255.255.255

identity local address 172.16.23.3

authentication remote pre-share

authentication local pre-share

keyring local qyt-key

!

crypto ikev2 profile qyt-profile2

match identity remote address 172.16.45.5 255.255.255.255

identity local address 172.16.34.3

authentication remote pre-share

authentication local pre-share

keyring local qyt-key2

!

!

!

crypto ipsec transform-set qyt-trans1 esp-des esp-md5-hmac

mode tunnel

crypto ipsec transform-set qyt-trans2 esp-3des esp-sha256-hmac

mode tunnel

!

!

!

crypto map qyt-map 10 ipsec-isakmp

set peer 172.16.12.1

set transform-set qyt-trans1 qyt-trans2

set ikev2-profile qyt-profile

match address vpn

!

crypto map qyt-map2 10 ipsec-isakmp

set peer 172.16.45.5

set transform-set qyt-trans1 qyt-trans2

set ikev2-profile qyt-profile2

match address vpn1

!

!

!

!

!

interface Ethernet0/0

ip address 192.168.2.254 255.255.255.0

!

interface Ethernet0/1

ip address 172.16.34.3 255.255.255.0

crypto map qyt-map2

!

interface Ethernet0/2

ip address 172.16.23.3 255.255.255.0

crypto map qyt-map

!

interface Ethernet0/3

no ip address

shutdown

!

ip forward-protocol nd

!

!

no ip http server

no ip http secure-server

ip route 172.16.12.0 255.255.255.0 172.16.23.2

ip route 172.16.45.0 255.255.255.0 172.16.34.4

ip route 192.168.1.0 255.255.255.0 172.16.23.2

ip route 192.168.3.0 255.255.255.0 172.16.34.4

!

ip access-list extended vpn

permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255

permit ip 192.168.3.0 0.0.0.255 192.168.1.0 0.0.0.255

ip access-list extended vpn1

permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255

permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

login

transport input none

!

!

end

Router#sh cr

Router#sh cryp

Router#sh crypto ike

Router#sh crypto ikev2 sa

IPv4 Crypto IKEv2SA

Tunnel-id Local Remotefvrf/ivrfStatus

2 172.16.23.3/500 172.16.12.1/500 none/noneREADY

Encr: 3DES, PRF: SHA256, Hash: SHA256, DH Grp:2, Auth sign: PSK, Auth verify: PSK

Life/Active Time: 86400/961 sec

Tunnel-id Local Remotefvrf/ivrfStatus

1 172.16.34.3/500 172.16.45.5/500 none/noneREADY

Encr: 3DES, PRF: SHA256, Hash: SHA256, DH Grp:2, Auth sign: PSK, Auth verify: PSK

Life/Active Time: 86400/963 sec

IPv6 Crypto IKEv2SA

Router#sh crypto ikev2 se

Router#sh crypto ikev2 session

IPv4 Crypto IKEv2 Session

Session-id:8, Status:UP-ACTIVE, IKE count:1, CHILD count:1

Tunnel-id Local Remotefvrf/ivrfStatus

2 172.16.23.3/500 172.16.12.1/500 none/noneREADY

Encr: 3DES, PRF: SHA256, Hash: SHA256, DH Grp:2, Auth sign: PSK, Auth verify: PSK

Life/Active Time: 86400/964 sec

Child sa: local selector192.168.3.0/0 - 192.168.3.255/65535

remote selector 192.168.1.0/0 - 192.168.1.255/65535

ESP spi in/out: 0x7E9D92B9/0x7A5920C7

Session-id:7, Status:UP-ACTIVE, IKE count:1, CHILD count:1

Tunnel-id Local Remotefvrf/ivrfStatus

1 172.16.34.3/500 172.16.45.5/500 none/noneREADY

Encr: 3DES, PRF: SHA256, Hash: SHA256, DH Grp:2, Auth sign: PSK, Auth verify: PSK

Life/Active Time: 86400/966 sec

Child sa: local selector192.168.1.0/0 - 192.168.1.255/65535

remote selector 192.168.3.0/0 - 192.168.3.255/65535

ESP spi in/out: 0x2F6FF4AC/0xB13E5C6D

IPv6 Crypto IKEv2 Session

Router#

(0)
« 上一篇 2022年4月5日 pm5:14
下一篇 » 2022年4月5日 pm5:16

相关文章

  • 版号不来的第8个月,想它

    没有 “重锤”,也没有版号。 2022年2月21日,一则来自投资社区雪球的传闻在互联网上传播发酵。某用户自称得到“腾讯的同事证实”,了解到“足以颠覆腾讯的大锤”。这则消息迅速得到了各方关注,甚至引动了不小的恐慌情绪。 随着热度升高,许多雪球用户留言质询这一发言的可靠性,但此后该用户疑似已注销账号。21日下午,腾讯集团市场与公关部总经理张军在朋友圈作出澄清,并...

    代理百科 2022年6月10日

  • 浏览器怎么屏蔽网页

    1.首先找到主机文件。在Windows 7的32位系统中,主机文件的位置在文件夹“ C:WindowsSystem32driversetc”下 2.右键单击主机文件,选择打开选项,然后在打开模式下选择“记事本” 3.在使用记事本进入编辑模式后,输入要阻止的URL和不是网络站点的IP。使用127.0.0.1,这是计算机的地址。 4.添加后,单击“文件”→“另存...

    代理百科 2022年4月16日

  • 长沙我主良缘为单身开启手机相亲时代在线就能相亲交友

    脱单路上,一方面,来自父母的心急如焚、寝食难安;另一方面,单身花费大量的时间和精力出入相亲场合,希望物色不错的对象,但常常事与愿违。不想再扎心?现在,长沙我主良缘为单身开启手机相亲时代,通过的方式,汇聚各行业优质单身男女,摆脱时间和地点的限制,打开就能在线“挑”对象,聊得来再约面! 无奈成婚恋“困难户” 单身欲自主脱单 在一家事业单位就职的黄先生今年31岁,...

    代理百科 2022年7月7日

  • 新手加盟手游代理靠谱吗?

    手游是互联网行业中发展的最快的行业之一,手游行业的快速发展也带动了很多其他手游相关行业,如手游电竞设备、手游直播、手游代理、手游代练、手游陪玩等依附于手游行业的产业链,而手游代理因为可以零经验要求,没有时间地点的限制,所以也成为手游行业中门槛较低,收益较高创业项目。 打开凤凰新闻,查看更多高清图片 手游代理创业的第一步就是选择要合作的手游平台,然后再根据平台...

    代理百科 2022年4月24日

  • 初步实现HTTP服务的Wine4.15发布

    Wine 4.15 发布了。Wine(Wine Is Not an Emulator)是一个能够在多 Wine 4.15 发布了。Wine(Wine Is Not an Emulator)是一个能够在多种兼容 POSIX 接口的操作系统(诸如 Linux、macOS 与 BSD 等)上运行 Windows 应用的兼容层。 Wine (“Wine Is Not...

    代理百科 2022年4月16日

  • 美国卫生与公众服务部:美国再订购36000剂猴痘疫苗,将于本周交付。

    美国卫生与公众服务部:美国再订购36000剂猴痘疫苗,将于本周交付。

    代理百科 2022年6月9日