1.Berlin(config)#crypto isakmp enable
Enable IKE/ISAKMP (phase 1: it builds a protected channel over which the IPsec SA parameters are then negotiated). ISAKMP is on by default in IOS, so this only matters if it was switched off earlier.
2.Berlin(config)#crypto isakmp policy 1
Create an ISAKMP policy; 1 is its priority (lower numbers are tried first) and every attribute set below must be matched by a policy on the peer
Berlin(config-isakmp)#authentication pre-share
Authentication method: pre-share (pre-shared key) / rsa-encr (RSA encrypted nonces) / rsa-sig (RSA signatures, i.e. certificates)
Berlin(config-isakmp)#encryption 3des
Encryption algorithm: des/3des/aes (des uses 56-bit keys and should not be used; 3des is legacy, prefer aes)
Berlin(config-isakmp)#group 5
Diffie-Hellman group used to derive the shared key (the key itself is never transmitted): 1/2/5 here; group 1 (768-bit) is too weak for current use, and newer IOS releases also offer group 14 and above
Berlin(config-isakmp)#hash sha
Integrity (hash) algorithm: md5/sha
Berlin(config-isakmp)#lifetime 3600
Lifetime of the ISAKMP/IKE SA, in seconds (this attribute does not have to match the peer; the shorter of the two lifetimes is used)
Berlin(config-isakmp)#exit
Berlin(config)#crypto isakmp key cisco address 192.168.0.1
The pre-shared key (cisco, a placeholder; use a long random key in practice) and the IKE/ISAKMP peer it is used with; the peer must configure the same key for Berlin's address
3.Berlin(config)#crypto ipsec transform-set 10 esp-3des ah-sha-hmac
Define the IPsec transform set named 10: ESP with 3DES for confidentiality plus AH with HMAC-SHA for integrity. AH also authenticates the outer IP header, so this combination fails if a NAT device sits between the peers; esp-3des esp-sha-hmac (ESP only) avoids that
Berlin(cfg-crypto-trans)#mode tunnel
Tunnel mode (a new outer IP header is added, the normal choice for site-to-site) or transport mode: tunnel/transport
Berlin(cfg-crypto-trans)#exit
Berlin(config)#crypto ipsec security-association lifetime seconds 3600
Lifetime of the IPsec SAs, in seconds (the global default; a crypto map entry can override it)
4.Berlin(config)#access-list 101 permit ip 20.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255
The "interesting traffic" ACL: which traffic enters the tunnel and is encrypted (here 20.0.0.0/24 behind Berlin to 10.0.0.0/24 behind the peer). The peer's ACL must be the exact mirror image
5.Berlin(config)#crypto map mymap 110 ipsec-isakmp
Create crypto map mymap, entry 110; ipsec-isakmp means IKE negotiates the IPsec SAs for this entry (as opposed to ipsec-manual)
Berlin(config-crypto-map)#match address 101
Traffic matched by access list 101 is to be encrypted
Berlin(config-crypto-map)#set peer 192.168.0.1
The IPsec SA peer is 192.168.0.1
Berlin(config-crypto-map)#set transform-set 10
The IPsec SA parameters come from the transform set named 10
Berlin(config-crypto-map)#exit
6.Berlin(config)#int f0/0
Berlin(config-if)#crypto map mymap
Apply the crypto map to the interface facing the peer (one crypto map per interface; the SAs are negotiated when the first packet matching access list 101 is routed out of it)
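The complete configuration for both ends, as an added example that is not from the original page: Berlin's side is assembled from steps 1 to 6 above, and the peer's side is derived by mirroring it. The peer's hostname (Peer), both outside interfaces being FastEthernet0/0 with a /24 mask, the static routes to the remote LANs, and Berlin's outside address 192.168.0.2 (taken from the src column of the show crypto isakmp sa output on this page) are assumptions.

```cisco
! ==== Berlin (outside 192.168.0.2 on f0/0, LAN 20.0.0.0/24) ====
! Assembled from steps 1-6 on this page; interface mask and static route assumed.
hostname Berlin
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 group 5
 hash sha
 lifetime 3600
! "cisco" is the page's placeholder key; the address is the peer's outside IP
crypto isakmp key cisco address 192.168.0.1
crypto ipsec transform-set 10 esp-3des ah-sha-hmac
 mode tunnel
crypto ipsec security-association lifetime seconds 3600
access-list 101 permit ip 20.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255
crypto map mymap 110 ipsec-isakmp
 match address 101
 set peer 192.168.0.1
 set transform-set 10
interface FastEthernet0/0
 ip address 192.168.0.2 255.255.255.0
 crypto map mymap
! Packets for the remote LAN must be routed out the crypto-mapped interface,
! otherwise they never match the map and no SA is ever negotiated (assumed route)
ip route 10.0.0.0 255.255.255.0 192.168.0.1

! ==== Peer (assumed hostname; outside 192.168.0.1 on f0/0, LAN 10.0.0.0/24) ====
! Mirror of Berlin: identical phase 1 attributes, same PSK, same transform
! contents, ACL source and destination swapped, set peer pointing back at Berlin.
! Policy priority, transform-set name and crypto map name/sequence are local
! labels and do not have to match the other side; only their contents must.
hostname Peer
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 group 5
 hash sha
 lifetime 3600
crypto isakmp key cisco address 192.168.0.2
crypto ipsec transform-set 10 esp-3des ah-sha-hmac
 mode tunnel
crypto ipsec security-association lifetime seconds 3600
access-list 101 permit ip 10.0.0.0 0.0.0.255 20.0.0.0 0.0.0.255
crypto map mymap 110 ipsec-isakmp
 match address 101
 set peer 192.168.0.2
 set transform-set 10
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 crypto map mymap
ip route 20.0.0.0 255.255.255.0 192.168.0.2
```

After both sides are configured, send traffic between the two LANs (for example a ping from a 20.0.0.0/24 host to a 10.0.0.0/24 host); only then does Berlin start IKE. show crypto isakmp sa should then show the peer in state QM_IDLE with status ACTIVE, as on this page, and show crypto ipsec sa should show the #pkts encaps and #pkts decaps counters increasing. If phase 1 never reaches QM_IDLE, compare the two isakmp policies attribute by attribute and confirm the pre-shared key is identical on both sides.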
Berlin#show crypto isakmp policy
View the IKE/ISAKMP policies; the configured policy 1 is listed first, and the built-in Default protection suite (DES, RSA signatures, group 1, 86400 s) is always present and is tried last
Global IKE policy
Protection suite of priority 1
encryption algorithm: Three key triple DES
hash algorithm: Secure Hash Standard
authentication method: Pre-Shared Key
Diffie-Hellman group: #5 (1536 bit)
lifetime: 3600 seconds, no volume limit
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
Berlin#show crypto ipsec transform-set
View the IPsec transform set (AH and ESP are listed as separate transforms, each negotiated in tunnel mode)
Transform set 10: { ah-sha-hmac }
will negotiate = { Tunnel, },
{ esp-3des }
will negotiate = { Tunnel, },
Berlin#show crypto isakmp sa
View the IKE/ISAKMP security associations; QM_IDLE with status ACTIVE means phase 1 completed and the IKE SA is up and ready to negotiate IPsec SAs (quick mode)
dst             src             state    conn-id slot status
192.168.0.1     192.168.0.2     QM_IDLE  1       0    ACTIVE