C114门户论坛百科APPEN| 举报 切换到宽版

亚星游戏官网

 找回密码
 注册

只需一步,快速开始

短信验证,便捷登录

搜索
查看: 1899|回复: 8

[原创] [复制链接]

军衔等级:

亚星游戏官网-yaxin222  上校

注册:2007-8-14
发表于 2007-8-18 09:40:00 |显示全部楼层
<p class="MsoNormal" align="center" style="MARGIN: 0cm 0cm 0pt 10.5pt; LINE-HEIGHT: 150%; TEXT-ALIGN: center; mso-para-margin-left: 1.0gd;"><strong><span lang="EN-US"><font face="Times New Roman">VPN</font></span></strong><strong><span style="FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;;">配置简单说明书</span></strong><span lang="EN-US" style="FONT-SIZE: 9pt; LINE-HEIGHT: 150%;"><p></p></span></p><p class="MsoNormal" style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: break-all; LINE-HEIGHT: 150%;"><span style="FONT-SIZE: 9pt; LINE-HEIGHT: 150%; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;;">一、</span><span lang="EN-US" style="FONT-SIZE: 9pt; LINE-HEIGHT: 150%;"><font face="Times New Roman">&nbsp;IKE</font></span><span style="FONT-SIZE: 9pt; LINE-HEIGHT: 150%; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;;">协商的阶段简单描述:</span><span lang="EN-US" style="FONT-SIZE: 9pt; LINE-HEIGHT: 150%;"><font face="Times New Roman">
                                <p></p></font></span></p><p style="WORD-BREAK: break-all; LINE-HEIGHT: 150%;"><span lang="EN-US" style="FONT-SIZE: 9pt; LINE-HEIGHT: 150%;"><font face="宋体">IKE</font></span><span style="FONT-SIZE: 9pt; LINE-HEIGHT: 150%;"><font face="宋体">协商可以和<span lang="EN-US">TCP</span>的三次握手来类比,只不过<span lang="EN-US">IKE</span>协商要比<span lang="EN-US">TCP</span>的三次握手要复杂一些,<span lang="EN-US">IKE</span>协商采用的<span lang="EN-US">UDP</span>报文格式,默认端口是<span lang="EN-US">500</span>,在主模式下,一个正常的<span lang="EN-US">IKE</span>协商过程需要经过<span lang="EN-US">9</span>个报文的来回,才最终建立起通信双方所需要的<span lang="EN-US">IPSec&nbsp;SA</span>,然后双方利用该<span lang="EN-US">SA</span>就可以对数据流进行加密和解密。下面结合简单描述一下协商的过程。</font><span lang="EN-US"><br/></span><font face="宋体">假设<span lang="EN-US">A</span>和<span lang="EN-US">B</span>进行通信,<span lang="EN-US">A</span>作为发起方,<span lang="EN-US">A</span>发送的第一个报文内容是本地所支撑的<span lang="EN-US">IKE</span>的策略(即下面所提到的<span lang="EN-US">亚星游戏官网-yaxin222olicy</span>),该<span lang="EN-US">policy</span>的内容有加密算法、<span lang="EN-US">hash</span>算法、<span lang="EN-US">D-H</span>组、认证方式、<span lang="EN-US">SA</span>的生存时间等<span lang="EN-US">5</span>个元素。这<span lang="EN-US">5</span>个元素里面值得注意的是认证方式,目前采用的主要认证方式有预共享和数字证书。在简单的<span lang="EN-US">VPN</span>应用中,一般采用预共享方式来认证身份。在本文的配置中也是以预共享为例来说明的。可以配置多个策略,对端只要有一个与其相同,对端就可以采用该<span lang="EN-US">policy</span>,并在第二个报文中将该<span lang="EN-US">policy</span>发送回来,表明采用该<span lang="EN-US">policy</span>为后续的通信进行保护。第三和第四个报文是进行<span lang="EN-US">D-H</span>交换的<span lang="EN-US">D-H</span>公开值,这与具体的配置影响不大。在完成上面四个报文交换后,利用<span lang="EN-US">D-H</span>算法,<span lang="EN-US">A</span>和<span lang="EN-US">B</span>就可以协商出一个公共的秘密,后续的密钥都是从该秘密衍生出来的。第五和第六个报文是身份验证过程,前面已经提高后,有两种身份验证方式<span lang="EN-US">——</span>预共享和数字证书,在这里,<span lang="EN-US">A</span>将其身份信息和一些其他信息发送给<span lang="EN-US">B</span>,<span lang="EN-US">B</span>接受到后,对<span lang="EN-US">A</span>的身份进行验证,同时<span lang="EN-US">B</span>将自己的身份信息也发送给<span lang="EN-US">A</span>进行验证。采用预共享验证方式的时候,需要配置预共享密钥,标识身份有两种方式,其一是<span lang="EN-US">IP</span>地址,其二是主机名(<span lang="EN-US">hostname</span>)。在一般的配置中,可以选用<span lang="EN-US">IP</span>地址来标识身份。完成前面六个报文交换的过程,就是完成<span lang="EN-US">IKE</span>第一阶段的协商过程。如果打开调试信息,会看到<span lang="EN-US">IKE&nbsp;SA&nbsp;Establish</span>(<span lang="EN-US">IKE&nbsp;SA</span>已经建立),也称作主模式已经完成。</font><span lang="EN-US"><br/><font face="宋体">IKE</font></span><font face="宋体">的第二阶段是快速模式协商的过程。该模式中的三个报文主要是协商<span lang="EN-US">IPSec&nbsp;SA</span>,利用第一阶段所协商出来的公共的秘密,可以为该三个报文进行加密。在配置中,主要涉及到数据流、变换集合以及对完美前向保护(<span lang="EN-US">亚星游戏官网-yaxin222FS</span>)的支撑。在很多时候,会发现<span lang="EN-US">IKE&nbsp;SA</span>已经建立成功,但是<span lang="EN-US">IPSec&nbsp;SA</span>无法建立起来,这时最有可能的原因是数据流是否匹配(<span lang="EN-US">A</span>所要保护的数据流是否和<span lang="EN-US">B</span>所保护的数据流相对应)、变换集合是否一致以及<span lang="EN-US">pfs</span>配置是否一致。</font><span lang="EN-US"><br/></span><font face="宋体">二、<span lang="EN-US">&nbsp;IKE</span>、<span lang="EN-US">IPSec</span>配置基本步骤</font><span lang="EN-US"><br/><font face="宋体">1</font></span><font face="宋体">.配置<span lang="EN-US">IKE&nbsp;</span>策略(<span lang="EN-US">policy</span>)</font><span lang="EN-US"><br/><font face="宋体">policy</font></span><font face="宋体">就是上图中的<span lang="EN-US">IKE</span>策略。<span lang="EN-US">亚星游戏官网-yaxin222olicy</span>里面的内容有<span lang="EN-US">hash</span>算法、加密算法、<span lang="EN-US">D-H</span>组、生存时间。可以配置多个<span lang="EN-US">policy</span>,只要对端有一个相同的,双方就可以采用该<span lang="EN-US">policy</span>,不过要主要<span lang="EN-US">policy</span>中的认证方式,因为认证方式的不同会影响后续的配置不同。一般采用预共享(<span lang="EN-US">preshare</span>)。在目前的安全路由器和<span lang="EN-US">VPN3020</span>上的实现上都有默认的配置选项,也就是说如果你新增加一条策略后,即使什么都不配置,退出后,也会有默认值的。</font><span lang="EN-US"><br/><font face="宋体">2</font></span><font face="宋体">.配置预共享密钥(<span lang="EN-US">preshare</span>)</font><span lang="EN-US"><br/></span><font face="宋体">在配置预共享密钥的时候,需要选择是<span lang="EN-US">IP</span>地址还是<span lang="EN-US">Hostname</span>来标识该密钥,如果对端是<span lang="EN-US">IP</span>地址标识身份,就采用<span lang="EN-US">IP</span>地址来标识密钥;如果对端是<span lang="EN-US">Hostname</span>来标识身份,则采用<span lang="EN-US">hostname</span>来标识密钥。</font><span lang="EN-US"><br/><font face="宋体">3</font></span><font face="宋体">.配置本端标识(<span lang="EN-US">localid</span>)</font><span lang="EN-US"><br/></span><font face="宋体">本端标识有<span lang="EN-US">IP</span>地址和<span lang="EN-US">Hostname</span>,在安全路由器上,默认的是用<span lang="EN-US">IP</span>地址来标识。即不配置本端标识,就表示是用<span lang="EN-US">IP</span>地址来标识。</font><span lang="EN-US"><br/></span><font face="宋体">以上三个步骤就完成<span lang="EN-US">IKE</span>的配置,以下是<span lang="EN-US">IPSec</span>的配置:</font><span lang="EN-US"><br/><font face="宋体">4</font></span><font face="宋体">.配置数据流(<span lang="EN-US">access-list</span>)</font><span lang="EN-US"><br/></span><font face="宋体">很容易理解,部署任何<span lang="EN-US">VPN</span>都需要对数据流所限制,不可能对所有的数据流都进行加密(<span lang="EN-US">any&nbsp;to&nbsp;any</span>)。配置好数据流后,在加密映射(<span lang="EN-US">map</span>)中引用该数据流。</font><span lang="EN-US"><br/><font face="宋体">5</font></span><font face="宋体">.配置变换集合(<span lang="EN-US">transform-set</span>)</font><span lang="EN-US"><br/></span><font face="宋体">变换集合是某个对等方能接受的一组<span lang="EN-US">IPSec</span>协议和密码学算法。双方只要一致即可。注意,在<span lang="EN-US">VPN3020</span>和带加密模块的安全路由器上支撑国密办的<span lang="EN-US">SSP02</span>算法。</font><span lang="EN-US"><br/><font face="宋体">6</font></span><font face="宋体">.配置加密映射(<span lang="EN-US">map</span>)</font><span lang="EN-US"><br/></span><font face="宋体">为<span lang="EN-US">IPSec</span>创建的加密映射条目使得用于建立<span lang="EN-US">IPSec</span>安全联盟的各个部件协调工作,它包括以下部分:</font><span lang="EN-US"><br/><font face="宋体">l&nbsp;</font></span><font face="宋体">所要保护的数据流(引用步骤<span lang="EN-US">4</span>所配置的数据流)</font><span lang="EN-US"><br/><font face="宋体">l&nbsp;</font></span><font face="宋体">对端的<span lang="EN-US">IP</span>地址(这个是必须的,除非是动态加密映射,见本文后面的章节)</font><span lang="EN-US"><br/><font face="宋体">l&nbsp;</font></span><font face="宋体">对所要保护的数据流采用什么加密算法和采用什么安全协议(引用步骤<span lang="EN-US">5</span>所配置的变换集合)</font><span lang="EN-US"><br/><font face="宋体">l&nbsp;</font></span><font face="宋体">是否需要支撑<span lang="EN-US">亚星游戏官网-yaxin222FS</span>(双方要一致)</font><span lang="EN-US"><br/><font face="宋体">l&nbsp;SA</font></span><font face="宋体">的生存时间(是可选的,不配置的话有默认值)</font><span lang="EN-US"><br/><font face="宋体">7</font></span><font face="宋体">.应用(激活)加密映射</font><span lang="EN-US"><br/></span><font face="宋体">在安全路由器上是将该加密映射应用到接口上去,而在<span lang="EN-US">VPN3020</span>上是激活(<span lang="EN-US">active</span>)该<span lang="EN-US">map</span>。</font><span lang="EN-US"><br/></span><font face="宋体">三、<span lang="EN-US">&nbsp;</span>动态加密映射技术</font><span lang="EN-US"><br/></span><font face="宋体">目前,安全路由器系列和<span lang="EN-US">VPN</span>系列均支撑动态加密映射。什么是动态加密映射?动态加密映射所应用的环境是什么呢?大家可以从以下的一个案例中来说明动态加密映射的概念。如下图:<span lang="EN-US"><p></p></span></font></span></p><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;"><br/></span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">在上图的网络拓扑中,</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">MP803</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">接入</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">Internet</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">的并不是宽带接入(固定</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">IP</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">地址),而是在通过电信</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">ADSL</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">拨号来获取到</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">IP</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">地址,不是固定的</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">IP</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">地址。这时候,对于上端</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">MP2600A</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">来说,就存在问题了,回想一下前面所描述的配置步骤,在步骤六中配置加密映射的时候,需要配置对端的</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">peer&nbsp;IP</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">地址,这时候怎么办呢?或许您想到</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">——</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">那我每次拨号获取到</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">IP</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">地址后,再在两端来配置</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">IPSec——</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">这种解决办法是</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">OK</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">的,只要客户或者您自己容忍每次</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">MP803</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">重新拨号后,您重新去更改配置。显然,这样方法充其量只能用来测试的。</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;"><br/></span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">动态加密映射就是用来解决这类问题的。顾名思义,动态加密映射,就是说,在配置加密映射的时候,不需要配置对端的</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">peer&nbsp;IP</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">地址。目前,安全路由器和</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">VPN</span><span style="FONT-SIZE: 9pt; FONT-FAMILY: 宋体; mso-ascii-font-family: &quot;Times New Roman&quot;; mso-hansi-font-family: &quot;Times New Roman&quot;; mso-font-kerning: 1.0pt; mso-bidi-font-family: &quot;Times New Roman&quot;; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;">系列都支撑动态加密映射,但由于两者实现上的差异,导致他们在配置动态加密映射的时候存在一些不同,在后文的实际配置案例中会讲到。</span><span lang="EN-US" style="FONT-SIZE: 9pt; FONT-FAMILY: &quot;Times New Roman&quot;; mso-fareast-font-family: 宋体; mso-font-kerning: 1.0pt; mso-ansi-language: EN-US; mso-fareast-language: ZH-CN; mso-bidi-language: AR-SA;"><br style="mso-special-character: line-break;"/><br style="mso-special-character: line-break;"/></span>

举报本楼

本帖有 8 个回帖,您需要登录后才能浏览 登录 | 注册
您需要登录后才可以回帖 登录 | 注册 |

手机版|C114 ( 沪ICP备12002291号-1 )|联系大家 |网站地图  

GMT+8, 2024-11-18 06:38 , Processed in 2.432978 second(s), 15 queries , Gzip On.

Copyright © 1999-2023 C114 All Rights Reserved

Discuz Licensed

回顶部
XML 地图 | Sitemap 地图