
...

router ospf log-adjacency-changes
router ospf 1
  router-id 10.10.10.3
  area 0.0.0.0
    network 2.2.2.2/32
    enable
  exit
  enable
exit

interface gigabitethernet 1/0/1
  ip firewall disable
  ip address 192.168.39.216/20
exit
interface loopback 1
  ip address 2.2.2.2/32
exit

tunnel gre 1
  key 60
  ttl 250
  mtu 1472
  multipoint
  ip firewall disable
  local interface gigabitethernet 1/0/1
  ip address 10.10.10.3/24
  ip ospf instance 1
  ip ospf
  ip tcp adjust-mss 1432
  ip nhrp authentication <password>
  ip nhrp holding-time 360
  ip nhrp map 10.10.10.1 192.0.2.2
  ip nhrp nhs 10.10.10.1/24
  ip nhrp ipsec IPSECVPN_HUB static
  ip nhrp ipsec IPSECVPN_SPOKE dynamic
  ip nhrp multicast nhs
  ip nhrp enable
  enable
exit

security ike proposal IKEPROP
  encryption algorithm aes192
  dh-group 2
exit

security ike policy IKEPOLICY
  pre-shared-key ascii-text <password>
  proposal IKEPROP
exit

security ike gateway IKEGW_HUB
  ike-policy IKEPOLICY
  local address 192.168.39.216
  local network 192.168.39.216/32 protocol gre 
  remote address 192.0.2.2
  remote network 192.0.2.2/32 protocol gre 
  mode policy-based
exit

security ike gateway IKEGW_SPOKE
  ike-policy IKEPOLICY
  local address 192.168.39.216
  local network 192.168.39.216/32 protocol gre 
  remote address any
  remote network any
  mode policy-based
exit

security ipsec proposal IPSECPROP
  encryption algorithm aes192
exit

security ipsec policy IPSECPOLICY
  proposal IPSECPROP
exit

security ipsec vpn IPSECVPN_HUB
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway IKEGW_HUB
  ike ipsec-policy IPSECPOLICY
  enable
exit

security ipsec vpn IPSECVPN_SPOKE
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway IKEGW_SPOKE
  ike ipsec-policy IPSECPOLICY
  enable
exit

security passwords history 0

ip route 192.0.2.2/32 192.168.39.2151
ip route 192.0.4.2/32 192.168.39.2151
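Review bot: `security ike proposal IKEPROP` pins `dh-group 2` (1024-bit MODP), and neither `IKEPROP` nor `IPSECPROP` sets an authentication algorithm, so the SAs in the diagnostics below come up as IKE `v1-only` with `sha1`. For a DMVPN that authenticates every peer with one pre-shared key, the example would be stronger with `dh-group 14` or higher and `authentication algorithm sha2-256` in both proposals, provided the ESR release in use supports them. `ip firewall disable` on `gigabitethernet 1/0/1` and on `tunnel gre 1` removes filtering on the interface that accepts IKE for `IKEGW_SPOKE` with `remote address any`, so the page should state that this is a lab simplification and not a production setting. The next hop `192.168.39.2151` in both `ip route` lines is not a valid IPv4 address and is probably an artifact of the version comparison. Which lines this revision changed cannot be recovered from the rendered page.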

2) Диагностика

ESR# sh security ipsec vpn status 
Name                              Local host        Remote host       Initiator spi        Responder spi        State         
-------------------------------   ---------------   ---------------   ------------------   ------------------   -----------   
IPSECVPN_HUB                      192.168.39.216    192.0.2.2         0x121319af1595214c   0xa3d8bd202e50320b   Established   
IPSECVPN_SPOKE                    192.168.39.216    192.0.4.2         0x997a2d4ddc2a3cac   0x887bd45f6a25028e   Established   
ESR# 
ESR# 
ESR# sh security ipsec vpn status IPSECVPN_HUB 
Currently active IKE SA:
    Name:                      IPSECVPN_HUB
    State:                     Established
    Version:                   v1-only
    Unique ID:                 1
    Local host:                192.168.39.216
    Remote host:               192.0.2.2
    Role:                      Initiator
    Initiator spi:             0x121319af1595214c
    Responder spi:             0xa3d8bd202e50320b
    Encryption algorithm:      aes192
    Authentication algorithm:  sha1
    Diffie-Hellman group:      2
    Established:               1 hour, 27 minutes and 46 seconds ago
    Rekey time:                1 hour, 27 minutes and 46 seconds
    Reauthentication time:     1 hour, 15 minutes and 12 seconds
    Child IPsec SAs:
        Name:                      dmvpn_192.168.39.216_192.0.2.2-7
        State:                     Installed
        Protocol:                  esp
        Mode:                      Tunnel
        Encryption algorithm:      aes192
        Authentication algorithm:  sha1
        Rekey time:                2 minutes and 44 seconds
        Life time:                 14 minutes and 55 seconds
        Established:               45 minutes and 5 seconds ago
        Traffic statistics: 
            Input bytes:           45592
            Output bytes:          32192
            Input packets:         436
            Output packets:        319
        -------------------------------------------------------------
ESR# sh security ipsec vpn status IPSECVPN_SPOKE 
Currently active IKE SA:
    Name:                      IPSECVPN_SPOKE
    State:                     Connecting
    Version:                   v1-only
    Unique ID:                 13
    Local host:                192.168.39.216
    Remote host:               224.0.0.5
    Role:                      Initiator
    Initiator spi:             0x35ece26be25cec50
    Responder spi:             0x0000000000000000
Currently active IKE SA:
    Name:                      IPSECVPN_SPOKE
    State:                     Established
    Version:                   v1-only
    Unique ID:                 14
    Local host:                192.168.39.216
    Remote host:               192.0.4.2
    Role:                      Initiator
    Initiator spi:             0x997a2d4ddc2a3cac
    Responder spi:             0x887bd45f6a25028e
    Encryption algorithm:      aes192
    Authentication algorithm:  sha1
    Diffie-Hellman group:      2
    Established:               1 minute and 37 seconds ago
    Rekey time:                1 minute and 37 seconds
    Reauthentication time:     2 hours, 48 minutes and 34 seconds
    Child IPsec SAs:
        Name:                      dmvpn_192.168.39.216_192.0.4.2-9
        State:                     Installed
        Protocol:                  esp
        Mode:                      Tunnel
        Encryption algorithm:      aes192
        Authentication algorithm:  sha1
        Rekey time:                46 minutes and 1 second
        Life time:                 58 minutes and 23 seconds
        Established:               1 minute and 37 seconds ago
        Traffic statistics: 
            Input bytes:           1396
            Output bytes:          1344
            Input packets:         12
            Output packets:        12
        -------------------------------------------------------------
ESR# 
ESR# sh ip ospf neighbors 
Router ID        Pri  State          DTime  Interface          Router IP
---------        ---  -----          -----  -----------------  ---------
10.10.10.1       255  Full/DR        00:31  gre 1              10.10.10.1
ESR# 
ESR# sh ip route ospf 
O     * 1.1.1.1/32         [150/11]          via 10.10.10.1 on gre 1           [ospf1 13:58:42]  (10.10.10.1)
O       10.10.10.0/24      [150/10]          dev gre 1                         [ospf1 13:58:37]  (10.10.10.1)
O     * 3.3.3.3/32         [150/11]          via 10.10.10.2 on gre 1           [ospf1 14:25:24]  (10.10.10.2)

...