首页 科技问答 单畅,F1000防火墙用iNode拨L2tp over ipsec典型配置

单畅,F1000防火墙用iNode拨L2tp over ipsec典型配置

科技问答 241
1676539847,

组网及说明


配置步骤

设备侧配置:

#

interface Virtual-Template1

 ppp authentication-mode chap domain system

 remote address pool 1

 ip address 192.168.10.1 255.255.255.0

#

interface GigabitEthernet0/1

 port link-mode route

 combo enable copper

 ip address 113.135.195.230 255.255.255.224

 nat outbound

 ipsec apply policy 1

#

interface GigabitEthernet0/2

 port link-mode route

 ip address 172.168.100.1 255.255.255.0

#

local-user vpn class network

 password cipher $c$3$HQmQBQquyfz0iPV52E+t2OkKba7Vn9A=

 service-type ppp

 authorization-attribute user-role network-operator

#

ipsec transform-set 1

 encapsulation-mode tunnel

 esp encryption-algorithm aes-cbc-128

 esp authentication-algorithm md5

#

ipsec transform-set 2

 encapsulation-mode tunnel

 esp encryption-algorithm aes-cbc-256

 esp authentication-algorithm md5

#

ipsec transform-set 3

 encapsulation-mode tunnel

 esp encryption-algorithm 3des-cbc

 esp authentication-algorithm md5

#

ipsec transform-set 4

 encapsulation-mode tunnel

 esp encryption-algorithm aes-cbc-192

 esp authentication-algorithm md5

#

ipsec transform-set 5

 encapsulation-mode tunnel

 esp encryption-algorithm 3des-cbc

 esp authentication-algorithm md5

#

ipsec transform-set 6

 encapsulation-mode tunnel

 esp encryption-algorithm aes-cbc-256

 esp authentication-algorithm md5

#

ipsec policy-template 1 1

 transform-set 1 2 3 4 5 6

 local-address 113.135.xx.xx

 ike-profile 1

 reverse-route dynamic

#

ipsec policy 1 1 isakmp template 1

#

l2tp-group 1 mode lns

 allow l2tp virtual-template 1

 undo tunnel authentication

#

 l2tp enable

#

ike profile 1

 keychain 1

 local-identity fqdn LNS

 match remote identity address 0.0.0.0 0.0.0.0

 match remote identity user-fqdn LAC

 match remote identity fqdn LAC

 proposal 1 2 3 4 5 6

#

ike profile q

#

ike proposal 1

 encryption-algorithm aes-cbc-128

 dh group2

 authentication-algorithm md5

#

ike proposal 2

 encryption-algorithm 3des-cbc

 dh group2

 authentication-algorithm md5

#

ike proposal 3

 encryption-algorithm 3des-cbc

 dh group2

#

ike proposal 4

 encryption-algorithm aes-cbc-256

 dh group2

#

ike proposal 5

 dh group2

#

ike proposal 6

 encryption-algorithm aes-cbc-192

 dh group2

#

ike keychain 1

 pre-shared-key address 0.0.0.0 0.0.0.0 key cipher $c$3$AY0t5qKEqCJlFOXDUAtStcB6ckWRN/0=

#

 iNode上配置:





配置关键点

设备侧 ipsec配置需要注意:

1、两边的加密算法需保持一致;

2、与iNode对接,ipsec transform-set encapsulation-mode tunnel 安全提议需要配置为传输模式。否则会iNode侧拨号会建立失败,有如下报错:


CRM论坛(CRMbbs.com)——一个让用户更懂CRM的垂直性行业内容平台,CRM论坛致力于互联网、客户管理、销售管理、SCRM私域流量内容输出5年。 如果您有好的内容,欢迎向我们投稿,共建CRM多元化生态体系,创建CRM客户管理一体化生态解决方案。本文来源:知了社区基于知识共享署名-相同方式共享3.0中国大陆许可协议,F1000防火墙用iNode拨L2tp over ipsec典型配置
L2TP over IPSec VPN NGFW防火墙

相关推荐

热门文章

广告

文章目录

    标签列表

    扫码二维码

    本站内容源自互联网,如有内容侵犯了您的权益,请联系删除相关内容。

    Copyright © 2019-2023 CRM论坛. All Rights Reserved. |文章投稿|关于CRM论坛|豫ICP备17017144号
    Theme By CATBEI