华为认证：ar2831ar1820+br304ipsecvpn经典配置-Linux认证报考指南-百分百考试网

中心: ar2831
分支: ar1820 br304
需求: 中心的内网地址192.168.0.0/24
           分支的内网地址192.168.1.0~192.168.6.0/24
           要求内网互通
[Ar2831]dis cur
#
sysname Ar2831
#
FTP server enable
#
l2tp domain suffix-separator @
#
ike local-name center
#
radius scheme system
#
domain system
#
local-user huawei
password cipher (3F7#N"9*%GQ=^Q`MAF4<<"TX$_S#6.NM(0=0\)*5WWQ=^Q`MAF4<<"TX$_S#6.N
service-type telnet
level 3
#
ike proposal 1
authentication-algorithm md5
#
ike peer fen1
exchange-mode aggressive
pre-shared-key lzlj
id-type name
remote-name fen1
remote-address 222.x.200.x(有公网地址的分中心)
nat traversal
#
ike peer fen2
exchange-mode aggressive
pre-shared-key abcd
id-type name
remote-name fen2
nat traversal
#
ike peer fen3
exchange-mode aggressive
pre-shared-keyabcd
id-type name
remote-name fen3
nat traversal
#
ike peer fen4
exchange-mode aggressive
pre-shared-key abcd
id-type name
remote-name fen4
nat traversal
#
ike peer fen5
exchange-mode aggressive
pre-shared-key abcd
id-type name
remote-name fen5
nat traversal
#
ipsec proposal 1234
#
ipsec policy-template temp_fen 1
ike-peer fen1
proposal 1234
#
ipsec policy-template temp_fen 2
ike-peer fen2
proposal 1234
#
ipsec policy-template temp_fen 3
ike-peer fen3
proposal 1234
#
ipsec policy-template temp_fen 4
ike-peer fen4
proposal 1234
#
ipsec policy-template temp_fen 5
ike-peer fen5
proposal 1234
#
ipsec policy all_peer 1 isakmp template temp_fen
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 218.x.135.x 255.255.255.248
nat outbound 3001
ipsec policy all_peer
#
interface Ethernet0/1
ip address 192.168.0.1 255.255.255.0
#
interface NULL0
#
acl number 3001
rule 0 deny ip source 192.168.0.0 0.0.0.255 destination 192.168.0 0.0.255.255
rule 1 permit ip source 192.168.0.0 0.0..255
rule 2 deny ip
#
ip route-static 0.0.0.0 0.0.0.0 218.x.135.1 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return
[Ar2831]
[fen3]dis cur
#
sysname fen3
#
local-user test password simple test
local-user test service-type ppp
local-user user password simple 1234
#
aaa enable
#
ike peer fen3
exchange-mode aggressive
pre-shared-key abcdefg
id-type name
remote-name center
remote-address 218.x.135.x
#
ipsec proposal huawei
#
ipsec policy mypolicy 1 isakmp
security acl 3000
ike-peer fen3
proposal huawei
#
interface Ethernet1/0
tcp mss 1024
ip address 192.168.3.1 255.255.255.0
#
interface Ethernet2/0
speed 10
duplex full
tcp mss 1024
ip address 218.x.215.x 255.255.255.0
nat outbound 3001
ipsec policy mypolicy
#
interface NULL0
#
acl number 3000
rule 0 permit ip source 192.168.0.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
acl number 3001
rule 1 deny ip source 192.168.0.0 0.0.0.255 destination 192.168.0.0 0.0.0.255
rule 2 permit ip source 192.168.3.0 0.0.0.255
#
ip route-static 0.0.0.0 0.0.0.0 218.x.215.1 preference 60
#
user-interface con 0
user-interface vty 0 4
user privilege level 3
set authentication password simple test
#
return