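Typical Configuration for IPSec Interoperation Between a SecPath Firewall and a Juniper Firewall
I. Networking requirements:
The SecPath firewall and the Juniper firewall interoperate over an IPSec VPN.
II. Network diagram
III. Configuration
1. Main configuration of the SecPath100F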
#
sysname fenzhi
#
ike local-name fenzhi
#
firewall packet-filter enable
firewall packet-filter default permit
#
ike dpd 1
#
ike peer 1
exchange-mode aggressive
pre-shared-key 123
id-type name
remote-name zhongxin
remote-address 210.22.145.66
nat traversal
dpd 1
#
ipsec proposal 1
#
ipsec policy-template temp 1
ike-peer 1
proposal 1
#
ipsec policy pol1 1 isakmp
security acl 3000
ike-peer 1
proposal 1
#
acl number 3000
rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
#
interface Ethernet0/0
ip address 202.38.1.2 255.255.0.0
ipsec policy pol1
#
interface Ethernet0/1
ip address 192.168.2.1 255.255.255.0
#
firewall zone trust
add interface Ethernet0/1
set priority 85
#
firewall zone untrust
add interface Ethernet0/0
set priority 5
#
ip route-static 0.0.0.0 0.0.0.0 202.38.1.1 preference 60
#
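An added example, not part of the original document: a small audit that flags the settings in the SecPath configuration above that deserve review before production use (aggressive mode combined with a pre-shared key exposes a key-derived hash to offline guessing, the key "123" is short, the packet filter defaults to permit, and the IPSec proposal relies on platform defaults). The function names and the MIN_PSK_LEN threshold are assumptions chosen for illustration.

```python
# Constructed sample: lines taken from the SecPath configuration above.
SAMPLE = """\
#
firewall packet-filter enable
firewall packet-filter default permit
#
ike peer 1
exchange-mode aggressive
pre-shared-key 123
#
ipsec proposal 1
#
"""

MIN_PSK_LEN = 20  # assumed local policy threshold, not a vendor value

def blocks(config):
    """Split a Comware-style config into blocks delimited by '#' lines."""
    out, cur = [], []
    for line in config.splitlines() + ["#"]:
        line = line.strip()
        if line == "#":
            if cur:
                out.append(cur)
            cur = []
        elif line:
            cur.append(line)
    return out

def audit(config):
    """Return (config location, finding) tuples for settings worth reviewing."""
    findings = []
    for blk in blocks(config):
        head, body = blk[0], blk[1:]
        if "firewall packet-filter default permit" in blk:
            findings.append(("firewall packet-filter", "default action is permit"))
        if head.startswith("ike peer "):
            # Assumes the key is stored in plain text, as in the config above.
            psk = [l.split()[-1] for l in body if l.startswith("pre-shared-key ")]
            if psk and "exchange-mode aggressive" in body:
                findings.append((head, "aggressive mode with a pre-shared key"))
            if psk and len(psk[0]) < MIN_PSK_LEN:
                findings.append((head, "pre-shared key is too short"))
        if head.startswith("ipsec proposal ") and not body:
            findings.append((head, "no explicit transform, platform defaults apply"))
    return findings

if __name__ == "__main__":
    for where, finding in audit(SAMPLE):
        print(f"{where}: {finding}")
```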
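2. Main configuration of the Juniper firewall (route-based)
Configure a virtual (tunnel) interface, which serves a routing role
Configure the route to the branch
Configure the IKE parameters
Configure the IPSec parameters and policy
Finally, configure the routing policy (not configured here)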