Gateway-to-Gateway Tunnel VPN
I. Example network topology:
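[Topology figure: left firewall Fe1 192.168.0.2/24 and Fe2 172.16.0.1/16; right firewall Ge1 192.168.1.2/24 and Ge2 172.16.0.2/16; the external network lies between Fe2 and Ge2; internal addresses 192.168.0.1/24 and 192.168.1.1/24]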
II. Configure the left firewall (the firewall on the left is F3)
1. Define the firewall interfaces fe1 and fe2:
2. Define the VPN:
1) First, enable the VPN function
2) Configure the VPN endpoint
3) Configure the VPN tunnel
3. Define the security rules:
1) First, add an any-to-any packet filter for IKE
2) Then add the following two rules:
A packet filter from 192.168.0.1 to 192.168.1.1
A packet filter from 192.168.1.1 to 192.168.0.1
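Note:
The VPN tunnel monitor under System Monitoring shows whether the VPN tunnel was established successfully; if "established" appears, the tunnel has been set up.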
III. Configure the right firewall:
1. Define the firewall interfaces ge1 and ge2:
2. Define the VPN:
1) First, enable the VPN function
2) Configure the VPN endpoint
3) Configure the VPN tunnel
3. Define the security rules:
1) First, add an any-to-any packet filter for IKE
2) Then add the following two rules:
A packet filter from 192.168.0.1 to 192.168.1.1
A packet filter from 192.168.1.1 to 192.168.0.1
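Note:
The VPN tunnel monitor under System Monitoring shows whether the VPN tunnel was established successfully; if "established" appears, the tunnel has been set up.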
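When the tunnel monitor never reaches "established", the usual cause is that the two gateways' settings do not mirror each other. The following is an added example, not part of the original guide or the firewall's own tooling: it cross-checks both sides using the addresses from the topology. The field names, the endpoint values and the protected /24 networks are assumptions, since the guide's screenshots are not available.

```python
import ipaddress as ip

# Constructed model. Interface addresses and filter rules are the ones on this page;
# field names and the endpoint/tunnel network values are assumptions.
LEFT = {
    "inside": "192.168.0.2/24", "outside": "172.16.0.1/16",   # fe1, fe2
    "endpoint": "172.16.0.2",                                  # assumed: peer's ge2
    "local_net": "192.168.0.0/24", "remote_net": "192.168.1.0/24",
    "ike_rule": True,
    "filters": [("192.168.0.1", "192.168.1.1"), ("192.168.1.1", "192.168.0.1")],
}
RIGHT = {
    "inside": "192.168.1.2/24", "outside": "172.16.0.2/16",   # ge1, ge2
    "endpoint": "172.16.0.1",                                  # assumed: peer's fe2
    "local_net": "192.168.1.0/24", "remote_net": "192.168.0.0/24",
    "ike_rule": True,
    "filters": [("192.168.0.1", "192.168.1.1"), ("192.168.1.1", "192.168.0.1")],
}

def covered(filters, src_net, dst_net):
    """True if some filter rule goes from a host in src_net to a host in dst_net."""
    return any(ip.ip_address(s) in src_net and ip.ip_address(d) in dst_net
               for s, d in filters)

def check_pair(left, right):
    """Return the mismatches between two gateways' settings (empty list = consistent)."""
    problems = []
    for name, me, peer in (("left", left, right), ("right", right, left)):
        outside = ip.ip_interface(me["outside"])
        peer_ip = ip.ip_interface(peer["outside"]).ip
        local, remote = ip.ip_network(me["local_net"]), ip.ip_network(me["remote_net"])
        mirrored = (ip.ip_network(peer["remote_net"]), ip.ip_network(peer["local_net"]))
        if ip.ip_address(me["endpoint"]) != peer_ip:
            problems.append(f"{name}: endpoint is not the peer's external address")
        if peer_ip not in outside.network:
            problems.append(f"{name}: peer is not on the external segment")
        if ip.ip_interface(me["inside"]).network != local:
            problems.append(f"{name}: local network does not match the inside interface")
        if (local, remote) != mirrored:
            problems.append(f"{name}: tunnel networks are not mirrored on the peer")
        if not me["ike_rule"]:
            problems.append(f"{name}: no packet filter for IKE")
        for src, dst in ((local, remote), (remote, local)):
            if not covered(me["filters"], src, dst):
                problems.append(f"{name}: no packet filter from {src} to {dst}")
    return problems

if __name__ == "__main__":
    print(check_pair(LEFT, RIGHT) or "consistent")
```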