天融信VPN与H3C5060间IPSEC的配置

不要设置“本地标识”与“对方标识”，“高级配置”里面为默认配置。

第二阶段中“高级配置”也为默认配置。

以下为H3C 5060的配置： [H3C]dis cur #

version 5.20, Release 1910P06, Standard #

sysname H3C #

ike sa keepalive-timer interval 28800 #

ipsec sa global-duration time-based 28800 #

domain default enable system #

dar p2p signature-file cfa0:/p2p_default.mtd #

acl number 3000

rule 0 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.1.0 0.0.0.255 # vlan 1 #

domain system

access-limit disable state active idle-cut disable

self-service-url disable # ike proposal 1

encryption-algorithm 3des-cbc authentication-algorithm md5 #

ike peer topsec proposal 1

pre-shared-key cipher NifQnxkMGKg= remote-address 115.32.1.1 local-address 115.32.1.2 #

ipsec proposal topsec

esp encryption-algorithm 3des #

ipsec policy topsec 1 isakmp security acl 3000 ike-peer topsec proposal topsec #

user-group system #

local-user admin

password cipher .]@USE=B,53Q=^Q`MAF4<1!! authorization-attribute level 3 service-type telnet # cwmp

undo cwmp enable #

controller E1 10/0 #

interface Aux0 async mode flow link-protocol ppp #

interface Cellular0/0 async mode protocol link-protocol ppp #

interface Ethernet0/0 port link-mode route #

interface NULL0 #

interface LoopBack0

ip address 192.168.2.1 255.255.255.255

#

interface GigabitEthernet0/0 port link-mode route

ip address 115.32.1.2 255.255.255.0 ipsec policy topsec #

interface GigabitEthernet0/1 port link-mode route #

interface GigabitEthernet0/2 port link-mode route #

interface Encrypt11/0 #

ip route-static 192.168.1.0 255.255.255.0 115.32.1.1 #

load xml-configuration #

load tr069-configuration #

user-interface con 0 user-interface tty 13 user-interface aux 0 user-interface vty 0 4 # return [H3C]

本文来源：https://www.bwwdw.com/article/es0r.html