I've just configured a Juniper and a Cisco router with the configuration below, but the session doesn't come up, and there's no sign of any activity at all.
Could you take a look and give me your thoughts on this case?
JUNIPER
set address "home" "fvl-net" A.A.A.A 255.255.255.252
set address "Untrust" "gds-net" B.B.B.B 255.255.255.0
set ike p2-proposal "cisco" group2 esp aes128 md5 second 3600
set ike gateway "GDS" address A.A.B.B Main outgoing-interface "ethernet3" preshare "123456abcdef" proposal "pre-g2-3des-sha"
set vpn "FVL-GDS" gateway "GDS" replay tunnel idletime 0 proposal "cisco"
set vpn "FVL-GDS" proxy-id local-ip A.A.A.A/30 remote-ip B.B.B.B/24 "ANY"
set policy id 20 from "Untrust" to "home" "gds-net" "fvl-net" "ANY" tunnel vpn "FVL-GDS" id 1 pair-policy 21 log
set policy id 21 from "home" to "Untrust" "fvl-net" "gds-net" "ANY" tunnel vpn "FVL-GDS" id 1 pair-policy 20 log
----------------
----------------
CISCO
crypto isakmp policy 15
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key 123456abcdef address B.B.A.A
!
!
crypto ipsec transform-set aes-sha esp-aes esp-md5-hmac
!
crypto map ipsec-remoteoffice 11 ipsec-isakmp
 set peer B.B.A.A
 set transform-set aes-sha
 set security-association lifetime seconds 3600
 set pfs group2
 match address 101
access-list 101 permit ip B.B.B.B 0.0.0.255 A.A.A.A 0.0.0.3
interface f0/0/0
 crypto map ipsec-remoteoffice