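MSR Series Routers
Configuring IPSec Processing with an Encryption Card
Keywords: MSR; IPSec; IKE; encryption card; debugging
I. Networking requirements:
RT1 and RT2 establish an IPSec connection; RT1 uses an encryption card to encrypt and decrypt the data.
Equipment list: two MSR series routers
II. Network diagram:
III. Configuration steps:
Device and version: MSR series, Version 5.20, Release 1509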
RT1 configuration
#
//IKE peer configuration
ike peer 20
 pre-shared-key h
 remote-address
#
//IPSec proposal configuration
ipsec proposal def
 encapsulation-mode transport
#
//IPSec policy configuration
ipsec policy 20 1 isakmp
 security acl 3000
 ike-peer 20
 proposal def
#
//ACL configuration
acl number 3000
 rule 0 permit ip source
#
//Interface facing the peer
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address
 //Bind the IPSec policy
 ipsec policy 20
#
//Encryption card view
interface Encrypt11/0
 //Bind IPSec policy 20
 ipsec binding policy 20
#
RT2 configuration
#
//IKE peer configuration
ike peer 50
 pre-shared-key h
 remote-address
#
//IPSec proposal configuration
ipsec proposal def
 encapsulation-mode transport
#
//IPSec policy configuration
ipsec policy 50 1 isakmp
 security acl 3000
 ike-peer 50
 proposal def
#
//ACL configuration
acl number 3000
 rule 0 permit ip source
#
//Interface facing the peer
interface Ethernet0/0
 port link-mode route
 combo enable copper
 ip address
 //Bind the IPSec policy
 ipsec policy 50
#
IPSec debugging on RT1
<msr50>display debugging
IPSec packet debugging switch is on
<msr50>ping -c 1
*Jan 16 14:17:18:273 2007 msr50 IPSEC/7/DBG:--- Receive IPSec(ESP) packet ---
*Jan 16 14:17:18:273 2007 msr50 IPSEC/7/DBG:Src:
*Jan 16 14:17:18:273 2007 msr50 IPSEC/7/DBG:New ESP(RFC2406) Enc Alg:DES Auth Alg:HMAC-MD5-96
*Jan 16 14:17:18:273 2007 msr50 IPSEC/7/DBG:Replay Checking Enabled! SN:16
Reply from
---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max =
<msr50>
<msr50>display debugging
IPSec packet debugging switch is on
interface Encrypt11/0
 Encrypt11/0 Packet debugging switch is on.
<msr50>ping -c 1
*Jan 16 14:17:51:591 2007 msr50 IPSEC/7/DBG: Send data to encrypt card retry: success to send data to encrypt card!
*Jan 16 14:17:51:594 2007 msr50 IPSEC/7/DBG:--- Receive IPSec(ESP) packet ---
*Jan 16 14:17:51:594 2007 msr50 IPSEC/7/DBG:Src:
*Jan 16 14:17:51:594 2007 msr50 IPSEC/7/DBG:New ESP(RFC2406) Enc Alg:DES Auth Alg:HMAC-MD5-96
*Jan 16 14:17:51:594 2007 msr50 IPSEC/7/DBG:Replay Checking Enabled! SN:17
*Jan 16 14:17:51:594 2007 msr50 IPSEC/7/DBG: Send data to encrypt card retry: success to send data to encrypt card!
Reply from
---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max =
<msr50>
IV. Key configuration points:
1) Bind the IPSec policy in the encryption card view.
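A check over the RT1 debug output, as an added example (not part of the original page and not H3C tooling): it splits the output at each ping prompt, counts the "success to send data to encrypt card" lines per capture, and lists the negotiated algorithms that are legacy choices. The sample is reconstructed from the output above with the addresses omitted as on the page; the function and field names are hypothetical.

```python
import re

# Constructed sample: the two ping captures from the RT1 debug output above,
# with the addresses omitted as they are on the page.
SAMPLE = """\
<msr50>ping -c 1
*Jan 16 14:17:18:273 2007 msr50 IPSEC/7/DBG:--- Receive IPSec(ESP) packet ---
*Jan 16 14:17:18:273 2007 msr50 IPSEC/7/DBG:New ESP(RFC2406) Enc Alg:DES Auth Alg:HMAC-MD5-96
*Jan 16 14:17:18:273 2007 msr50 IPSEC/7/DBG:Replay Checking Enabled! SN:16
<msr50>ping -c 1
*Jan 16 14:17:51:591 2007 msr50 IPSEC/7/DBG: Send data to encrypt card retry: success to send data to encrypt card!
*Jan 16 14:17:51:594 2007 msr50 IPSEC/7/DBG:--- Receive IPSec(ESP) packet ---
*Jan 16 14:17:51:594 2007 msr50 IPSEC/7/DBG:New ESP(RFC2406) Enc Alg:DES Auth Alg:HMAC-MD5-96
*Jan 16 14:17:51:594 2007 msr50 IPSEC/7/DBG:Replay Checking Enabled! SN:17
*Jan 16 14:17:51:594 2007 msr50 IPSEC/7/DBG: Send data to encrypt card retry: success to send data to encrypt card!
"""

DBG = re.compile(r"^\*.*? IPSEC/7/DBG: ?(.*)$")
ALGS = re.compile(r"Enc Alg:(\S+)\s+Auth Alg:(\S+)")
SEQ = re.compile(r"\bSN:(\d+)")
LEGACY = {"DES", "HMAC-MD5-96"}  # both are MUST NOT for ESP in RFC 8221

def summarize(log):
    """Return one summary dict per ping capture in the debug output."""
    captures = []
    for raw in log.splitlines():
        line = raw.strip()
        if re.match(r"^<[^>]+>\s*ping\b", line):  # a ping prompt starts a capture
            captures.append({"esp_received": 0, "sn": [], "algs": set(),
                             "card_handoffs": 0, "legacy": []})
            continue
        m = DBG.match(line)
        if not m or not captures:
            continue  # ping statistics, prompts and other non-debug output
        cap, msg = captures[-1], m.group(1)
        if "Receive IPSec(ESP) packet" in msg:
            cap["esp_received"] += 1
        if "success to send data to encrypt card" in msg:
            cap["card_handoffs"] += 1
        if (a := ALGS.search(msg)):
            cap["algs"].update(a.groups())
            cap["legacy"] = sorted(cap["algs"] & LEGACY)
        if (s := SEQ.search(msg)):
            cap["sn"].append(int(s.group(1)))
    return captures

if __name__ == "__main__":
    for i, cap in enumerate(summarize(SAMPLE), 1):
        print(i, cap)
```

A capture with zero handoff lines shows only that none were logged: either the traffic was not passed to the card, or packet debugging for Encrypt11/0 was off during that capture.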