MSR30-20用在社保.做为客户端,cisco的设备用在医保,做为服务端.二边用IPSEC 做VPN,我在MSR30-20上配了相应的参数.但是二边连不通.请各位大哥帮忙看下是不是哪没配好.谢谢!!在问下。h3c的路由器和cisco的路由器做IPSEC应该没问题吧？对方说cisco和H3C的做不成。有冲突！叫我们换设备。我晕！
下面是医保给的一些配置参数,只给了这些.没有给具体cisco上的配置:
内网ip:10.178.64.16/248  外网:2.2.2.2
crypto isakmp key 111
crypot ipsec transform-set c7200 esp-des
ipsec-isakmp
crypto isakmp policy 10
hash md5
authentication pre-share

下面是MSR30-20的配置:
[H3C]dis cu
#
version 5.20, Release 1618P07, Standard
#
sysname H3C
#
domain default enable system
#
telnet server enable
#
acl number 3000
rule 0 permit ip source 192.168.0.0 0.0.0.255 destination 10.178.64.0 0.0.0.255
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
ike peer peer
pre-shared-key simple 111
remote-address 2.2.2.2
#
ipsec proposal vpn
#
ipsec policy vpnmap 10 isakmp
security acl 3000
ike-peer peer
proposal vpn
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet
level 3
#
interface Aux0
async mode flow
link-protocol ppp
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
ip address 192.168.0.253 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
ip address 220.165.X.X 255.255.255.252
ipsec policy vpnmap
#
ip route-static 0.0.0.0 0.0.0.0 220.165.X.X
ip route-static 10.178.64.0 255.255.255.0 2.2.2.2
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
[H3C]

[ 本帖最后由 99k1 于 2008-7-21 23:34 编辑 ]

对方路由器上有回程路由吗？

两边都要做ACL

对方的配置拿不到。对方好像不愿意给。难办呀。。对方只说他们那边没问题！！h3c的路由器和cisco的路由器做IPSEC应该没问题吧？对方说cisco和H3C的做不成。有冲突！叫我们换设备。我晕！

在ipsec proposal vpn下面是不是应该有
encapsulation tunnel
encaptransform esp
esp encryption-algorithm des
esp authentication-algorithm md5
这几句？

[ 本帖最后由 wanghaoqd 于 2008-7-22 13:13 编辑 ]

会不会是两边的协议不对