Message Board

Hi, you can leave a message here.

1 response to “Message Board”

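  1. I'd like to ask everyone for help: I want to use VPP to establish an IPsec connection with a gateway. My configuration is below, but the connection never comes up. From the packet capture, the very first step does not complete: the gateway initiates the connection to VPP, and VPP sends no reply at all. Could the experts here please take a look and tell me where exactly the problem is?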
                +-----------+                +-----------+
                |           | 192.168.2.0/24 |           |
    192.168.4.1 X    VPP    X================X    GW     X 192.168.1.1
                | responder |.99           .4| initiator |
                +-----------+                +-----------+
    VPP as responder:
    set int state GigabitEthernet2/5/0 up
    set int ip address GigabitEthernet2/5/0 192.168.2.99/24
    set int state GigabitEthernet2/6/0 up
    set int ip address GigabitEthernet2/6/0 192.168.4.1/24
    ikev2 profile add pr1
    ikev2 profile set pr1 auth shared-key-mic string Vpp123
    ikev2 profile set pr1 id local ip4-addr 192.168.2.99
    ikev2 profile set pr1 id remote ip4-addr 192.168.2.4
    ikev2 profile set pr1 traffic-selector local ip-range 192.168.4.0 - 192.168.4.255 port-range 0 - 65535 protocol 0
    ikev2 profile set pr1 traffic-selector remote ip-range 192.168.1.0 - 192.168.1.255 port-range 0 - 65535 protocol 0
    ikev2 profile set pr1 responder GigabitEthernet2/5/0 192.168.2.99
    ikev2 profile set pr1 ike-crypto-alg aes-cbc 256 ike-integ-alg sha1-96 ike-dh modp-1024
    ikev2 profile set pr1 esp-crypto-alg aes-cbc 256 esp-integ-alg sha1-96 esp-dh ecp-256
    ikev2 profile set pr1 sa-lifetime 3600 10 5 0

    GW as initiator:
    #test BEGIN
    conn test
    left=192.168.2.6
    leftnexthop=192.168.2.4
    leftsubnets={ 192.168.4.0/24, }
    right=192.168.2.4
    rightnexthop=192.168.2.6
    rightsubnets={ 192.168.1.0/24, }
    auto=add
    authby=secret
    ike=aes256-SHA1-modp1024!
    ikelifetime=86400s
    type=tunnel
    esp=aes256-SHA1!
    keylife=3600s
    pfs=no
    #test END
