huawei ipsec v p n

實驗拓撲圖：
![]

實驗目的：
武漢分公司和哈爾濱總部通過ipsec v p n 建立連接，實現兩邊內網互相訪問。

主要記錄ipsec的配置。
預先配置好模擬環境，武漢和哈爾濱的pc可以正常去訪問公網，也就是這個區域的網絡

武漢出口路由配置：

<wuhan-r>dis ip rout | in Sta
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 12       Routes : 12       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

0.0.0.0/0   Static  60   0          RD   222.73.1.1      GigabitEthernet0/0/0
192.168.0.0/16  Static  60   0          RD   1.1.1.2         GigabitEthernet0/0/1

<wuhan-r>

哈爾濱出口路由配置：

<wuhan-r>dis ip rout | in Sta
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 12       Routes : 12       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

0.0.0.0/0   Static  60   0          RD   222.73.1.1      GigabitEthernet0/0/0
192.168.0.0/16  Static  60   0          RD   1.1.1.2         GigabitEthernet0/0/1

<wuhan-r>

武漢nat配置：

<wuhan-r>dis acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
rule 10 permit source 192.168.0.0 0.0.255.255 

<wuhan-r>dis nat ou 
<wuhan-r>dis nat outbound 
NAT Outbound Information:
-------------------------------------------------------------------------
Interface                     Acl     Address-group/IP/Interface      Type
-------------------------------------------------------------------------
GigabitEthernet0/0/0         2000                     222.73.1.2    easyip  
-------------------------------------------------------------------------
Total : 1
<wuhan-r>

哈爾濱nat配置：

<haerb-r>dis acl 2000
Basic ACL 2000, 1 rule
Acl's step is 5
 rule 10 permit source 172.16.0.0 0.0.255.255 

<haerb-r>dis nat out    
<haerb-r>dis nat outbound 
 NAT Outbound Information:
 --------------------------------------------------------------------------
 Interface                     Acl     Address-group/IP/Interface      Type
 --------------------------------------------------------------------------
 GigabitEthernet0/0/0         2000                     180.73.2.2    easyip  
 --------------------------------------------------------------------------
  Total : 1
<haerb-r>

二層配置不做介紹。
現在武漢和哈爾濱內部pc可以正常上網。但是武漢和哈爾濱pc不能相互訪問，這個時候配置ipsec v pn實現武漢和哈爾濱能內網能相互訪問。

配置 待更新

參考：https://support.huawei.com/enterprise/zh/routers/ar2200-pid-6078842?category=configuration-commissioning