-
华为路由器即做ipsec vpn又能上互联网
R7:
interface GigabitEthernet0/0/1
ip address 8.8.8.1 255.255.255.0ip route-static 0.0.0.0 0.0.0.0 1.1.1.1
acl number 3001
rule 1 deny ip source 8.8.8.0 0.0.0.255 destination 9.9.9.0 0.0.0.255 (把需要vpn的网段先在第一次进行过滤掉,路由出口过滤掉后再回内部再匹配vpn 3000的规则出去过行vpn访问北京)
rule 5 permit ip source 8.8.8.0 0.0.0.255acl number 3000
rule 5 permit ip source 8.8.8.0 0.0.0.255 destination 9.9.9.0 0.0.0.255ipsec proposal 10
ike proposal 10
ike local-name szike peer sz v1
exchange-mode aggressive
pre-shared-key cipher admin
ike-proposal 10
local-id-type name
remote-name bj
nat traversal
remote-address 3.3.3.3ipsec policy sz 1 isakmp
security acl 3000
ike-peer sz
proposal 10出口调用:
interface GigabitEthernet0/0/0
ip address 1.1.1.2 255.255.255.0
ipsec policy sz
nat outbound 3001R8:
interface GigabitEthernet0/0/1
ip address 9.9.9.1 255.255.255.0interface GigabitEthernet0/0/2
ip route-static 0.0.0.0 0.0.0.0 3.3.3.1
acl number 3000
rule 5 permit ip source 9.9.9.0 0.0.0.255 destination 8.8.8.0 0.0.0.255acl number 3001
rule 1 deny ip source 9.9.9.0 0.0.0.255 destination 8.8.8.0 0.0.0.255
rule 5 permit ip source 9.9.9.0 0.0.0.255ipsec proposal 10
ike proposal 10
ike local-name bjike peer bj v1
exchange-mode aggressive
pre-shared-key cipher admin
ike-proposal 10
local-id-type name
remote-name sz
nat traversal
remote-address 1.1.1.2ipsec policy bj 1 isakmp
security acl 3000
ike-peer bj
proposal 10接口上调用:
interface GigabitEthernet0/0/0
ip address 3.3.3.3 255.255.255.0
ipsec policy bj
nat outbound 3001 -
相关阅读:
数据分析必备的能力
如何使用前端表格控件实现多数据源整合?
CentOS7 自带防火墙+Nginx封堵高频访问的恶意IP
tf loss构建常用到函数
杠杆思维和时间管理
第十四章:网络编程
【大数据分析专业之基于python的企业数据大屏可视化分析系统-哔哩哔哩】 https://b23.tv/hUraRJV
【等保小知识】等保整改是什么意思?整改内容包括哪些?
成都无人机测绘公司 无人机测绘服务 无人机航测作业
H3C交换机如何重置console口密码
- 原文地址:https://blog.csdn.net/ydaxia110/article/details/134534899