H3C MSR系列路由器 IPSec配置
合集下载
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
2 IKE配置 ............................................................................................................................................. 2-1 2.1 IKE简介 ............................................................................................................................................. 2-1 2.1.1 IKE的安全机制........................................................................................................................ 2-1 2.1.2 IKE的交换过程........................................................................................................................ 2-1 2.1.3 IKE在IPSec中的作用 ...............................................................................Hale Waihona Puke Baidu.............................. 2-2 2.1.4 IPSec与IKE的关系.................................................................................................................. 2-2 2.2 IKE配置任务简介............................................................................................................................... 2-3 2.3 配置本端安全网关的名字 .................................................................................................................. 2-3 2.4 配置IKE安全提议............................................................................................................................... 2-4 2.5 配置IKE对等体 .................................................................................................................................. 2-5 2.6 配置Keepalive定时器 ........................................................................................................................ 2-6 2.7 配置NAT Keepalive定时器 ................................................................................................................ 2-7
目录
1 IPSec配置.......................................................................................................................................... 1-1 1.1 IPSec简介 ......................................................................................................................................... 1-1 1.1.1 IPSec的实现 ........................................................................................................................... 1-1 1.1.2 IPSec基本概念........................................................................................................................ 1-2 1.1.3 加密卡..................................................................................................................................... 1-4 1.1.4 协议规范 ................................................................................................................................. 1-4 1.2 IPSec配置任务简介 ........................................................................................................................... 1-4 1.3 配置访问控制列表 ............................................................................................................................. 1-5 1.4 配置安全提议..................................................................................................................................... 1-5 1.5 配置安全策略..................................................................................................................................... 1-6 1.5.1 手工配置安全策略................................................................................................................... 1-6 1.5.2 配置IKE协商安全策略............................................................................................................. 1-7 1.6 在接口上应用安全策略组 ................................................................................................................ 1-10 1.7 在加密卡接口上绑定安全策略组或者安全策略................................................................................ 1-11 1.8 使能加密引擎功能 ........................................................................................................................... 1-11 1.9 使能主体软件备份功能 .................................................................................................................... 1-12 1.10 配置会话空闲超时时间 .................................................................................................................. 1-12 1.11 使能解封装后IPSec报文的ACL检查功能 ...................................................................................... 1-12 1.12 配置IPSec抗重放功能 ................................................................................................................... 1-13 1.13 配置共享源接口安全策略组........................................................................................................... 1-14 1.14 配置QoS预分类功能...................................................................................................................... 1-14 1.15 IPSec显示和维护........................................................................................................................... 1-15 1.16 IPSec典型配置举例 ....................................................................................................................... 1-15 1.16.1 采用手工方式建立IPSec安全隧道....................................................................................... 1-15 1.16.2 采用IKE方式建立IPSec安全隧道 ........................................................................................ 1-18 1.16.3 使用加密卡进行加/解密和认证............................................................................................ 1-20 1.16.4 配置IPSec接口备份 ............................................................................................................ 1-23
目录
1 IPSec配置.......................................................................................................................................... 1-1 1.1 IPSec简介 ......................................................................................................................................... 1-1 1.1.1 IPSec的实现 ........................................................................................................................... 1-1 1.1.2 IPSec基本概念........................................................................................................................ 1-2 1.1.3 加密卡..................................................................................................................................... 1-4 1.1.4 协议规范 ................................................................................................................................. 1-4 1.2 IPSec配置任务简介 ........................................................................................................................... 1-4 1.3 配置访问控制列表 ............................................................................................................................. 1-5 1.4 配置安全提议..................................................................................................................................... 1-5 1.5 配置安全策略..................................................................................................................................... 1-6 1.5.1 手工配置安全策略................................................................................................................... 1-6 1.5.2 配置IKE协商安全策略............................................................................................................. 1-7 1.6 在接口上应用安全策略组 ................................................................................................................ 1-10 1.7 在加密卡接口上绑定安全策略组或者安全策略................................................................................ 1-11 1.8 使能加密引擎功能 ........................................................................................................................... 1-11 1.9 使能主体软件备份功能 .................................................................................................................... 1-12 1.10 配置会话空闲超时时间 .................................................................................................................. 1-12 1.11 使能解封装后IPSec报文的ACL检查功能 ...................................................................................... 1-12 1.12 配置IPSec抗重放功能 ................................................................................................................... 1-13 1.13 配置共享源接口安全策略组........................................................................................................... 1-14 1.14 配置QoS预分类功能...................................................................................................................... 1-14 1.15 IPSec显示和维护........................................................................................................................... 1-15 1.16 IPSec典型配置举例 ....................................................................................................................... 1-15 1.16.1 采用手工方式建立IPSec安全隧道....................................................................................... 1-15 1.16.2 采用IKE方式建立IPSec安全隧道 ........................................................................................ 1-18 1.16.3 使用加密卡进行加/解密和认证............................................................................................ 1-20 1.16.4 配置IPSec接口备份 ............................................................................................................ 1-23