Repost: Setting up an IPSec tunnel between RouterOS and Fortigate
Topology: http://blog.bigcomic.com/upload/top_1_thumb_1.png
RouterOS side settings:
policy
ip ipsec policy> pr
Flags: X - disabled, D - dynamic, I - invalid
0 src-address=192.168.2.0/24:any dst-address=192.168.1.0/24:any protocol=all
action=encrypt level=require ipsec-protocols=esp tunnel=yes
sa-src-address=1.1.1.1 sa-dst-address=2.2.2.2
proposal=default manual-sa=none dont-fragment=clear
peer
ip ipsec peer> pr
Flags: X - disabled
0 address=2.2.2.2/32:500 secret="password"
generate-policy=yes exchange-mode=main send-initial-contact=yes
proposal-check=obey hash-algorithm=md5 enc-algorithm=aes-256
dh-group=modp1536 lifetime=30m lifebytes=0
proposal
ip ipsec proposal> pr
Flags: X - disabled
0 name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m
lifebytes=0 pfs-group=modp1536

I've been confused by this lately too: IPSEC from FORTIGATE to VIGOR works, but once ROS to VIGOR is up, one side always fails to PING.
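
Added example (not part of the original post): a small Python check that parses the three RouterOS print outputs listed above and reports algorithm and group settings found on a review list chosen for this example (MD5, SHA-1, DES/3DES, MODP groups up to 1536 bits), plus whether the policy's sa-dst-address matches the peer address. The function names, the review list and the embedded sample text are assumptions of the example.

```python
import re

# Constructed sample: the three `print` outputs from the post (Flags lines dropped).
SAMPLE = """\
policy
0 src-address=192.168.2.0/24:any dst-address=192.168.1.0/24:any protocol=all
action=encrypt level=require ipsec-protocols=esp tunnel=yes
sa-src-address=1.1.1.1 sa-dst-address=2.2.2.2
proposal=default manual-sa=none dont-fragment=clear
peer
0 address=2.2.2.2/32:500 secret="password"
generate-policy=yes exchange-mode=main send-initial-contact=yes
proposal-check=obey hash-algorithm=md5 enc-algorithm=aes-256
dh-group=modp1536 lifetime=30m lifebytes=0
proposal
0 name="default" auth-algorithms=sha1 enc-algorithms=3des lifetime=30m
lifebytes=0 pfs-group=modp1536
"""

SECTIONS = ("policy", "peer", "proposal")
# Assumption of this example: values flagged for review, not a list from the post.
WEAK = {"md5", "sha1", "des", "3des", "modp768", "modp1024", "modp1536"}

def parse(text):
    """Return {section: {key: value}}, assuming one entry per section."""
    cfg, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line in SECTIONS:
            cur = cfg.setdefault(line, {})
        elif cur is not None:
            for k, v in re.findall(r'([\w-]+)=("[^"]*"|\S+)', line):
                cur[k] = v.strip('"')
    return cfg

def audit(cfg):
    """List flagged algorithm/group settings and a policy/peer address mismatch."""
    findings = []
    for sec in ("peer", "proposal"):
        for key, val in cfg.get(sec, {}).items():
            if "algorithm" in key or "group" in key:
                findings += [f"{sec}.{key}={v}" for v in val.split(",") if v in WEAK]
    # Consistency check (assumption of this example): sa-dst-address is the peer.
    peer_ip = cfg["peer"]["address"].split("/")[0]
    if cfg["policy"]["sa-dst-address"] != peer_ip:
        findings.append("policy.sa-dst-address != peer.address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(SAMPLE))))
```

Any value it reports has to be changed on both ends of the tunnel, since the RouterOS and Fortigate proposals must agree for the SA to establish.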