拓扑图:
AR1 的配置:
- <AR1>
- dis current-configuration [V200R003C00] # sysname AR1 # snmp-agent local-engineid
- 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time
- minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-Mac
- alarm # set CPU-usage threshold 80 restore 75 # acl number 3100 rule 5
- permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255 # ipsec
- proposal pro1 esp authentication-algorithm sha1 esp encryption-algorithm
- aes-128 # ike peer spub v1 pre-shared-key simple huawei remote-address
- 202.138.162.1 # ipsec policy client 10 isakmp security acl 3100 ike-peer
- spub proposal pro1 # aaa authentication-scheme default authorization-scheme
- default accounting-scheme default domain default domain default_admin local-user
- admin password cipher %$%$K8m.Nt84DZ}e#
- <0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local
- priority 15 # interface GigabitEthernet0/0/0 ip address 10.1.1.1 255.255.255.0
- # interface GigabitEthernet0/0/1 ip address 202.138.163.1 255.255.255.0
- ipsec policy client # interface GigabitEthernet0/0/2 # interface NULL0
- # ip route-static 0.0.0.0 0.0.0.0 202.138.163.2 # user-interface con 0
- authentication-mode password user-interface vty 0 4 user-interface vty
- 16 20 # wlan ac # return
AR3 的配置:
- <AR3>
- dis current-configuration [V200R003C00] # sysname AR3 # snmp-agent local-engineid
- 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time
- minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-Mac
- alarm # set CPU-usage threshold 80 restore 75 # acl number 3100 rule 5
- permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255 # ipsec
- proposal pro1 esp authentication-algorithm sha1 esp encryption-algorithm
- aes-128 # ike peer spua v1 pre-shared-key simple huawei remote-address
- 202.138.163.1 # ipsec policy server 10 isakmp security acl 3100 ike-peer
- spua proposal pro1 # aaa authentication-scheme default authorization-scheme
- default accounting-scheme default domain default domain default_admin local-user
- admin password cipher %$%$K8m.Nt84DZ}e#
- <0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local
- priority 15 # interface GigabitEthernet0/0/0 ip address 202.138.162.1 255.255.255.0
- ipsec policy server # interface GigabitEthernet0/0/1 ip address 10.1.2.1
- 255.255.255.0 # interface GigabitEthernet0/0/2 # interface NULL0 # ip route-static
- 0.0.0.0 0.0.0.0 202.138.162.2 # user-interface con 0 authentication-mode
- password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return
来源: http://www.bubuko.com/infodetail-3127736.html