H3C SecPath Firewall GRE + IPSec + OSPF Typical Configuration Example (2)

(3) Configuration of the 3680  // mainly the PPPoE server configuration

 sysname Quidway
#
interface Virtual-Template1 // one virtual template corresponds to one PPPoE client
 ip address 1.1.1.2 255.255.255.0
 remote address 1.1.1.1
#
interface Virtual-Template2
 ip address 1.1.2.2 255.255.255.0
 remote address 1.1.2.1
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Ethernet0/0
 ip address 2.1.1.1 255.255.255.0
#
interface Ethernet0/1
 ip address 3.1.1.1 255.255.255.0
#
interface Ethernet4/0
 pppoe-server bind Virtual-Template 1  // the PPPoE server must be bound to a virtual template
#
interface Ethernet7/0
 pppoe-server bind Virtual-Template 2
#
interface Serial5/0
 link-protocol ppp
#
interface Serial5/1
 clock DTECLK1
 link-protocol ppp
#
interface NULL0
#
acl number 2000
 rule 0 permit
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
 
(4) Configuration of SecPath1

 sysname Quidway
#
 ike local-name 1
#
ike peer 1 // IKE configuration
 exchange-mode aggressive
 pre-shared-key 1
 id-type name
 remote-name client
 nat traversal
 max-connections 10
#
ipsec proposal 1
#
ipsec policy-template tp 1 // create the security policy from a security policy template
 ike-peer 1
 proposal 1
#
ipsec policy 1 1 isakmp template tp // security policy 1 references security policy template tp
#
interface Virtual-Template0
 ip address 172.31.1.1 255.255.255.0
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface GigabitEthernet0/0
 ip address 2.1.1.2 255.255.255.0
 ipsec policy 1
#
interface GigabitEthernet0/1
 ip address 11.0.0.1 255.255.255.0
 ospf cost 100
#
interface Tunnel0
 ip address 4.1.1.1 255.255.255.0
#
interface Tunnel1
 ip address 6.1.1.1 255.255.255.0
#
interface NULL0
#
interface LoopBack0
 ip address 192.168.0.1 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 4.1.1.0 0.0.0.255
  network 6.1.1.0 0.0.0.255
  network 11.0.0.0 0.0.0.255
  network 172.31.1.0 0.0.0.255
#
 ip route-static 0.0.0.0 0.0.0.0 2.1.1.1 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
(5) Configuration of SecPath2

 sysname Quidway
#
 ike local-name 2
#
ike peer 1
 exchange-mode aggressive
 pre-shared-key 1
 id-type name
 remote-name client
 nat traversal
 max-connections 10
#
ipsec proposal 1
#
ipsec policy-template tp 1
 ike-peer 1
 proposal 1
#
ipsec policy 1 1 isakmp template tp
#
interface Virtual-Template1
 ip address 172.31.2.1 255.255.255.0
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface GigabitEthernet0/0
 ip address 3.1.1.2 255.255.255.0
 ipsec policy 1
#
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ospf cost 99
#
interface Tunnel0
 ip address 5.1.1.2 255.255.255.0
#
interface Tunnel1
 ip address 7.1.1.2 255.255.255.0
#
interface NULL0
#
interface LoopBack0
 ip address 192.168.0.2 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 5.1.1.0 0.0.0.255
  network 7.1.1.0 0.0.0.255
  network 10.0.0.0 0.0.0.255
  network 172.31.2.0 0.0.0.255
#
 ip route-static 0.0.0.0 0.0.0.0 3.1.1.1 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
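
The `ike peer` and `ipsec proposal` stanzas in the SecPath1 and SecPath2 listings can be checked mechanically before a configuration like this is deployed. The following is an added example, not part of the original page or of any H3C tool: a small Python audit that flags a short pre-shared key, aggressive mode combined with a pre-shared key, and a proposal that sets no algorithms. The names `parse_stanzas`, `audit` and `MIN_PSK_LEN` are hypothetical, and the key is assumed to be stored in plaintext form as in the listings.

```python
# Constructed sample: the IKE/IPsec stanzas as shown in the SecPath1 listing.
SAMPLE = """\
ike peer 1 // IKE configuration
 exchange-mode aggressive
 pre-shared-key 1
#
ipsec proposal 1
#
"""

MIN_PSK_LEN = 20  # assumption: local policy threshold, not a vendor value


def parse_stanzas(text):
    """Split a Comware-style listing into {header: [sub-commands]}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.split("//")[0].rstrip()  # drop the page's inline // comments
        if not line.strip() or line.strip() == "#":
            current = None  # '#' or a blank line closes the current view
        elif line[0] != " ":
            current = line
            stanzas[current] = []
        elif current is not None:
            stanzas[current].append(line.strip())
    return stanzas


def audit(text):
    """Return sorted (stanza, finding) tuples for weak IKE/IPsec settings."""
    findings = []
    for header, cmds in parse_stanzas(text).items():
        if header.startswith("ike peer "):
            # Last token is the key when it is stored in plaintext form.
            keys = [c.split()[-1] for c in cmds if c.startswith("pre-shared-key ")]
            if any(len(k) < MIN_PSK_LEN for k in keys):
                findings.append((header, "short pre-shared key"))
            if keys and "exchange-mode aggressive" in cmds:
                # Aggressive mode exposes a PSK-derived hash to offline guessing.
                findings.append((header, "aggressive mode with pre-shared key"))
        elif header.startswith("ipsec proposal ") and not cmds:
            findings.append((header, "no explicit algorithms, device defaults apply"))
    return sorted(findings)


if __name__ == "__main__":
    for stanza, finding in audit(SAMPLE):
        print(f"{stanza}: {finding}")
```

Top-level commands that the listings indent by one space (such as `sysname` and `ip route-static`) follow a `#` separator, so the parser ignores them rather than attaching them to a stanza.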
(6) Configuration of the 1760

 sysname Quidway
#
interface Aux0
 async mode flow
 link-protocol ppp
#
interface Ethernet0/0
 ip address 11.0.0.2 255.255.255.0
 ospf cost 100
#
interface Ethernet1/0
 ip address 10.0.0.2 255.255.255.0
 ospf cost 99
#
interface Tunnel0
#
interface NULL0
#
interface LoopBack0
 ip address 155.0.0.1 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 10.0.0.0 0.0.0.255
  network 11.0.0.0 0.0.0.255
  network 155.0.0.0 0.0.0.255
#
user-interface con 0
user-interface tty 1
 modem both
user-interface aux 0
user-interface vty 0 4
#
return