route 220.249.253.0/24 next-hop 220.249.253.129; route 211.139.188.0/24 next-hop 220.249.253.129; route 124.160.0.0/24 next-hop 220.249.253.129; route 222.248.234.0/24 next-hop 220.249.253.129; } }
security { ike {
traceoptions {
file IKE size 4m; flag all; flag ike; }
proposal phase1-proposal {
authentication-method pre-shared-keys; dh-group group2;
authentication-algorithm md5; encryption-algorithm des-cbc; lifetime-seconds 86400; }
proposal cnc-ike-proposal {
authentication-method pre-shared-keys; dh-group group2;
authentication-algorithm md5; encryption-algorithm des-cbc; lifetime-seconds 86400; }
policy ike-policy {
mode aggressive;
proposals phase1-proposal;
pre-shared-key ascii-text \SECRET-DATA }
policy cnc-ike-policy { mode aggressive;
proposals cnc-ike-proposal; pre-shared-key ascii-text \SECRET-DATA }
gateway ike-gateway1 { ike-policy ike-policy;
dynamic hostname vpntest12; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius;
## ## }
gateway vpn-test1-gw {
ike-policy cnc-ike-policy;
dynamic hostname vpntest11; external-interface ge-0/0/1.0; xauth access-profile ACS_Radius; }
gateway ike-vpntest5 { ike-policy ike-policy;
dynamic hostname vpntest5; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-vpntest4 { ike-policy ike-policy;
dynamic hostname vpntest4; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-vpntest3 { ike-policy ike-policy;
dynamic hostname vpntest3; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-vpntest2 { ike-policy ike-policy;
dynamic hostname vpntest2; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-vpntest1 { ike-policy ike-policy;
dynamic hostname vpntest1; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-s_huatai01 { ike-policy ike-policy;
dynamic hostname s_huatai01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-s_dongfang01 {
ike-policy ike-policy;
dynamic hostname s_dongfang01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-s_xiangcai01 { ike-policy ike-policy;
dynamic hostname s_xiangcai01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-s_shenywg01 { ike-policy ike-policy;
dynamic hostname s_shenywg01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-s_aijian01 { ike-policy ike-policy;
dynamic hostname s_aijian01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-s_dongwu01 { ike-policy ike-policy;
dynamic hostname s_dongwu01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-s_caitong01 { ike-policy ike-policy;
dynamic hostname s_caitong01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-s_zhongxjt01 { ike-policy ike-policy;
dynamic hostname s_zhongxjt01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-s_zheshang01 { ike-policy ike-policy;
dynamic hostname s_zheshang01;
external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-s_hongyuan01 { ike-policy ike-policy;
dynamic hostname s_hongyuan01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-f_yimin01 { ike-policy ike-policy;
dynamic hostname f_yimin01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; }
gateway ike-f_changxin01 { ike-policy ike-policy;
dynamic hostname f_changxin01; external-interface ge-0/0/0.0; xauth access-profile ACS_Radius; } }
ipsec {
proposal phase2-proposal { protocol esp;
authentication-algorithm hmac-sha1-96; encryption-algorithm 3des-cbc; }
proposal cnc-ipsec-proposal { protocol esp;
authentication-algorithm hmac-md5-96; encryption-algorithm 3des-cbc; }
policy ipsec-policy {
perfect-forward-secrecy { keys group2; }
proposals phase2-proposal; }
policy cnc-ipsec-policy {
perfect-forward-secrecy { keys group2; }
proposals cnc-ipsec-proposal;
相关推荐:
loading