H3C IPsec reverse route injection not working
Router 1

<H3C>sys
System View: return to User View with Ctrl+Z.
dis cur
#
 version 7.1.059, Alpha 7159
#
 sysname H3C
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 2.2.2.1 255.255.255.0
 ipsec apply policy map1
#
interface GigabitEthernet0/2
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/1
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/1
 port link-mode route
 combo enable copper
#
 scheduler logfile size 16
#
line class aux
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-admin
#
line vty 0 63
 user-role network-operator
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
ipsec transform-set tran1
 esp encryption-algorithm des-cbc
 esp authentication-algorithm sha1
#
ipsec policy-template temp1 1
 transform-set tran1
 reverse-route dynamic
 reverse-route preference 100
 reverse-route tag 1000
#
ipsec policy map1 10 isakmp template temp1
#
ike proposal 1
 encryption-algorithm 3des-cbc
#
ike keychain key1
 pre-shared-key address 2.2.3.1 255.255.255.0 key cipher $c$3$TQN3vJoqLCsJEyejMPfU/YhVIshR9QZKzA==
#

Router 2

dis cur
#
 version 7.1.059, Alpha 7159
#
 sysname H3C
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 10.1.2.1 255.255.255.0
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 2.2.3.1 255.255.255.0
 ipsec apply policy use1
#
interface GigabitEthernet0/2
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/1
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/1
 port link-mode route
 combo enable copper
#
 scheduler logfile size 16
#
line class aux
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-admin
#
line vty 0 63
 user-role network-operator
#
 ip route-static 2.2.2.0 24 2.2.3.3
 ip route-static 10.1.1.0 24 2.2.3.3
#
acl advanced 3101
 rule 0 permit ip source 10.1.2.0 0.0.0.255 destination 10.1.1.0 0.0.0.255
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
ipsec transform-set tran1
 esp encryption-algorithm des-cbc
 esp authentication-algorithm sha1
#
ipsec policy use1 10 isakmp
 transform-set tran1
 security acl 3101
 remote-address 2.2.2.1
#
ike proposal 1
 encryption-algorithm 3des-cbc
#
ike keychain key1
 pre-shared-key address 2.2.2.1 255.255.255.255 key cipher $c$3$PW4pM60NS2DCf2F0KRAaTvn3FKWl7poAPQ==
#

Router 3

<H3C>sys
System View: return to User View with Ctrl+Z.
dis cu
#
 version 7.1.059, Alpha 7159
#
 sysname H3C
#
 system-working-mode standard
 xbar load-single
 password-recovery enable
 lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface GigabitEthernet0/0
 port link-mode route
 combo enable copper
 ip address 2.2.2.3 255.255.255.0
#
interface GigabitEthernet0/1
 port link-mode route
 combo enable copper
 ip address 2.2.3.3 255.255.255.0
#
interface GigabitEthernet0/2
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet5/1
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/0
 port link-mode route
 combo enable copper
#
interface GigabitEthernet6/1
 port link-mode route
 combo enable copper
#
 scheduler logfile size 16
#
line class aux
 user-role network-admin
#
line class tty
 user-role network-operator
#
line class vty
 user-role network-operator
#
line aux 0
 user-role network-admin
#
line vty 0 63
 user-role network-operator
#
 ip route-static 10.1.1.0 24 2.2.2.1
 ip route-static 10.1.2.0 24 2.2.3.1
#
domain system
#
 domain default enable system
#
role name level-0
 description Predefined level-0 role
#
role name level-1
 description Predefined level-1 role
#
role name level-2
 description Predefined level-2 role
#
role name level-3
 description Predefined level-3 role
#
role name level-4
 description Predefined level-4 role
#
role name level-5
 description Predefined level-5 role
#
role name level-6
 description Predefined level-6 role
#
role name level-7
 description Predefined level-7 role
#
role name level-8
 description Predefined level-8 role
#
role name level-9
 description Predefined level-9 role
#
role name level-10
 description Predefined level-10 role
#
role name level-11
 description Predefined level-11 role
#
role name level-12
 description Predefined level-12 role
#
role name level-13
 description Predefined level-13 role
#
role name level-14
 description Predefined level-14 role
#
user-group system
#
return

host2 cannot ping host1. Looking at Router1, there is also no automatically generated route to Router2's private network. But if two routes to host2's private network are added on host1, IPsec can be established.
Hahahahahahahahahaha, I've figured out the cause. Nobody helped me solve it, but I'm still very happy.
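
An added example, not part of the original posts: Comware's dynamic reverse route injection creates its routes from established IPsec SAs, so each gateway must already be able to route to the peer's public address before any injected route exists. The Python sketch below runs that pre-check over constructed excerpts of the Router 1 and Router 2 configurations above and also lists the legacy algorithms (DES, 3DES, SHA-1) they configure; the function names are hypothetical and the key value is a placeholder.

```python
import ipaddress
import re

# Constructed excerpts of the posted Router 1 / Router 2 configs (key omitted).
ROUTER1 = """\
interface GigabitEthernet0/1
 ip address 2.2.2.1 255.255.255.0
ipsec transform-set tran1
 esp encryption-algorithm des-cbc
 esp authentication-algorithm sha1
ike proposal 1
 encryption-algorithm 3des-cbc
ike keychain key1
 pre-shared-key address 2.2.3.1 255.255.255.0 key cipher PLACEHOLDER
"""
ROUTER2 = """\
interface GigabitEthernet0/1
 ip address 2.2.3.1 255.255.255.0
 ip route-static 2.2.2.0 24 2.2.3.3
 ip route-static 10.1.1.0 24 2.2.3.3
ipsec policy use1 10 isakmp
 remote-address 2.2.2.1
"""

def known_prefixes(cfg):
    """Connected and static prefixes, i.e. routes that exist before any RRI route."""
    nets = [ipaddress.ip_network(f"{a}/{m}", strict=False)
            for a, m in re.findall(r"^\s*ip address (\S+) (\S+)", cfg, re.M)]
    nets += [ipaddress.ip_network(f"{p}/{n}")
             for p, n in re.findall(r"^\s*ip route-static (\S+) (\d+) \S+", cfg, re.M)]
    return nets

def peer_addresses(cfg):
    """Tunnel peers named by remote-address or by an IKE keychain entry."""
    pat = r"^\s*(?:remote-address|pre-shared-key address) (\d+(?:\.\d+){3})"
    return sorted({ipaddress.ip_address(a) for a in re.findall(pat, cfg, re.M)})

def unreachable_peers(cfg):
    """Peers that no connected or static route covers."""
    nets = known_prefixes(cfg)
    return [str(p) for p in peer_addresses(cfg) if not any(p in n for n in nets)]

def legacy_algorithms(cfg):
    """DES, 3DES and SHA-1 keywords present in the IKE/IPsec proposals."""
    return sorted(set(re.findall(r"\b(3des-cbc|des-cbc|sha1)\b", cfg)))

if __name__ == "__main__":
    for name, cfg in (("Router 1", ROUTER1), ("Router 2", ROUTER2)):
        print(name, unreachable_peers(cfg), legacy_algorithms(cfg))
```

On these excerpts the check reports 2.2.3.1 as not covered by any connected or static route on Router 1, while Router 2 reaches 2.2.2.1 through its static route via 2.2.3.3.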