配置拓扑图
1、VPP1 IKEv1配置
1.1、配置接口
1、配置2/1/0口
set interface state GigabitEthernet2/1/0 up
set interface ip address GigabitEthernet2/1/0 10.66.0.1/24
set interface promiscuous on GigabitEthernet2/1/0
2、配置2/4/0口
set interface state GigabitEthernet2/4/0 up
set interface ip address GigabitEthernet2/4/0 10.0.0.1/24
set interface promiscuous on GigabitEthernet2/4/0
1.2、配置IPSec隧道
create ipsec tunnel local-ip 10.66.0.1 local-spi 1031 remote-ip 10.66.0.2 remote-spi 1030
1.3、配置本端加密算法和密钥
set interface ipsec key ipsec0 local crypto aes-cbc-128 123456
1.4、配置对端加密算法和密钥
set interface ipsec key ipsec0 remote crypto aes-cbc-128 123456
1.5、配置本端认证算法和密钥
set interface ipsec key ipsec0 local integ sha1-96 123456
1.6、配置对端认证算法和密钥
set interface ipsec key ipsec0 remote integ sha1-96 123456
1.7、启用IPSec接口
set int state ipsec0 up
1.8、添加IPSec路由
ip route add 11.0.0.0/24 via ipsec0
1.9、IPSec接口绑定到物理口
set interface unnumbered ipsec0 use GigabitEthernet2/1/0
2、VPP2 IKEv1配置
2.1、配置接口
1、配置2/2/0口
set int state GigabitEthernet2/2/0 up
set int ip address GigabitEthernet2/2/0 11.0.0.1/24
set int promiscuous on GigabitEthernet2/2/0
2、配置2/3/0口
set int state GigabitEthernet2/3/0 up
set int ip address GigabitEthernet2/3/0 10.66.0.2/24
set int promiscuous on GigabitEthernet2/3/0
2.2、配置IPSec隧道
create ipsec tunnel local-ip 10.66.0.2 local-spi 1030 remote-ip 10.66.0.1 remote-spi 1031
2.3、配置本端加密算法和密钥
set interface ipsec key ipsec0 local crypto aes-cbc-128 123456
2.4、配置对端加密算法和密钥
set interface ipsec key ipsec0 remote crypto aes-cbc-128 123456
2.5、配置本端认证算法和密钥
set interface ipsec key ipsec0 local integ sha1-96 123456
2.6、配置对端认证算法和密钥
set interface ipsec key ipsec0 remote integ sha1-96 123456
2.7、启用IPSec接口
set int state ipsec0 up
2.8、添加IPSec路由
ip route add 10.0.0.0/24 via ipsec0
2.9、IPSec接口绑定到物理口
set interface unnumbered ipsec0 use GigabitEthernet2/3/0