Список форумов developerov.net developerov.net
Форум союза девелоперов
 
 FAQFAQ   ПоискПоиск   ПользователиПользователи   ГруппыГруппы   РегистрацияРегистрация 
 ПрофильПрофиль   Войти и проверить личные сообщенияВойти и проверить личные сообщения   ВходВход 

Aitai and Cisco do IPSEC VPN

 
Начать новую тему   Ответить на тему    Список форумов developerov.net -> Ищу инвестора
Предыдущая тема :: Следующая тема  
Автор Сообщение
qizhen0809



Зарегистрирован: 18.09.2016
Сообщения: 8633

СообщениеДобавлено: Чт Янв 11, 2018 7:06 am    Заголовок сообщения: Aitai and Cisco do IPSEC VPN Ответить с цитатой

{<p> A, Cisco (RouteB) </p>
<p> 1.CiscoACL
New Huawei Optical Switch Ce12812 Layer 3 Switch Ethernet Switch configuration (mainly refer to IPSec configuration which flow) </p>
<p> router (config) #access-list110permitIP192.168.11.00.0.0.255192.168.100.00.0.0.255</p>
<p> router (config) # access-list110permitIP192.168.100.00.0.0.255192.168.11.00.0.0.255</p>
<p> 2. the first phase of the IKE configuration of </p>
<p> I. use and shared key authentication and shared key encryption algorithm for cisco1122</p>
<p> ii.: des</p>
<p> III. certification md5</p>
<p> algorithm: iv.DH group: group2</p>
<p> v. SA </p>
<p> router the first phase of 28800
Huawei Dslam Ua5000 Access Optical Equipment seconds (config) #cryptoisakmpenable # IKE enabled (default startup) </p>
<p> router (config) #cryptoisakmppolicy100 IKE # establishment strategy, the priority is 100</p>
<p> router (config-isakmp) authenticationpre-share # # using pre shared Password authentication </p>
<p> router (config-isakmp) #encryptiondes # using DES encryption mode </p>
<p> (config-isakmp) router #group2 # specifies the key figures, group2 more secure, but more consumption of cpu</p>
<p> router (config-isakmp) #hashmd5 # specifies the hash algorithm for the MD5 (the other way: Sha, RSA) </p>
<p> router (config-isakmp) #lifetime28880 # designated SA valid time. The default is 86400 seconds, at both ends of </p>
<p> router (config) #cryptoisakmpkeycisco1122address192.168.0.124# configuration pre shared key (Cisco to specify the other address) </p>
<p> 3.IPSec </p>
<p> I. IPSec second stage configuration configuration: the actual exchange set is the definition of encryption and authentication algorithm in the second stage, subsequent references to </p>
<p> encryption algorithm: DES algorithm: MD5; authentication; encapsulation protocol: ESP</p>
<p> router (config) #cryptoipsectransform-setabcesp-desesp-md5-hmac</p>
<p> configuration IPSec exchange set the name ABC can be taken, both ends of the name can also be different, but other parameters should be consistent. </p>
<p> ii. configuration IPSec encryption map: actually identifies the identity of the other party, which flow to do IPSec, the survival of the second stage SA and the </p>
<p> router exchange set reference (config) #cryptomapmymap100ipsec-isakmp # create encrypted graph mymap can be custom name </p>
<p> router (config-crypto-map) #matchaddress110 # uses ACL to define the encrypted communications </p>
<p> router (config-crypto-map) #setpeer192.168.0.124 the other # ID router IP address </p>
<p> router (config-crypto-map) #settransform-setabc # specifies the encryption map using IPSEC </p>
<p> router (config-crypto-map) exchange in #setsecurity-associationlifetime86400 # specified second stage survival of SA </p>
<p> 4. will be applied to the interface on </p>
<p> Map Encryption router (config) #interfaceethernet0/1 WAN router # into port </p>
<p> (config-if) cryptomapmamap # # encryption Map is applied to the interface of </p>
<p> 5. configuration NONAT: to ensure the access to IPSec is not enabled NAT to end network 192.168.11.0/24, IPSec </p>
<p> router (config) #nat tunnel (inside)
Huawei Next Generation Gigabit Ethernet Switch S5720 28P Si Ac 0access-list110</p>
<p> 6. note do not enable PFS</p>
<p> two and UTT2512 in Cisco (RouterA)
configuration</p>
_________________
bar table top Finland
Вернуться к началу
Посмотреть профиль Отправить личное сообщение Посетить сайт автора AIM Address
valaste



Зарегистрирован: 15.04.2018
Сообщения: 170792

СообщениеДобавлено: Ср Апр 25, 2018 5:51 pm    Заголовок сообщения: Ответить с цитатой

cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607
cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607
cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607
cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607
cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607
cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607
cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607
cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607
cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607
cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607
cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607cz9607
cz9607
Вернуться к началу
Посмотреть профиль Отправить личное сообщение
Показать сообщения:   
Начать новую тему   Ответить на тему    Список форумов developerov.net -> Ищу инвестора Часовой пояс: GMT
Страница 1 из 1

 
Перейти:  
Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете голосовать в опросах


Powered by phpBB © 2001, 2005 phpBB Group
Русская поддержка phpBB