...
2) Status of the OSPF protocol and the IPsec tunnel:
```
esr# show ip ospf neighbors
Router ID     Pri  State      DTime    Interface          Router IP
---------     ---  -----      -----    -----------------  ---------
10.110.0.65   1    Full/BDR   00:3536  gre 1              10.110.0.65

esr# show security ipsec vpn status IPSEC
Currently active IKE SA:
    Name:                       IPSEC
    State:                      Established
    Version:                    v1-only
    Unique ID:                  3 1
    Local host:                 100.100.0.2
    Remote host:                10.10.0.13
    Role:                       Initiator Responder
    Initiator spi:              0x15dc63f5881abbb0 0xc6518822b67d5635
    Responder spi:              0xd45e86e5abb121d9 0x8f9084d1b93f1ccc
    Encryption algorithm:       des aes128
    Authentication algorithm:   sha1
    Diffie-Hellman group:       2
    Established:                12 minutes 1 minute and 3421 seconds ago
    Rekey time:                 12 minutes and 34 1 minute and 21 seconds
    Reauthentication time:      23 hours, 3243 minutes and 735 seconds
    Child IPsec SAs:
        Name:                       IPSEC-2
        State:                      Installed
        Protocol:                   esp
        Mode:                       Tunnel
        Encryption algorithm:       aes128
        Authentication algorithm:   sha1
        Rekey time:                 32 minutes 45 minutes and 53 seconds
        Life time:                  47 58 minutes and 2639 seconds
        Established:                12 minutes 1 minute and 3421 seconds ago
        Traffic statistics:
            Input bytes:            540 832
            Output bytes:           540 736
            Input packets:          5 8
            Output packets:         5 8
-------------------------------------------------------------
```
Cisco:
1) Configuration:
```
crypto isakmp policy 2
 encr aes
 authentication pre-share
 group 2
crypto isakmp key password address 100.100.0.2
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set strongIPsec esp-aes esp-sha-hmac
!
crypto map mymap local-address FastEthernet0/0
crypto map mymap 119 ipsec-isakmp setprofile peer 100.100.0.2IPsec_profile
 set transform-set strongIPsec
 match address 119
!
!
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
!
interface Tunnel2
 ip address 10.110.0.65 255.255.255.252
 ip ospf network broadcast
 ip ospf 1 area 0.0.0.1
 ip ospf network broadcast
 tunnel source 10.10.0.13
 tunnel destination 100.100.0.2
!
 tunnel protection ipsec profile IPsec_profile
!
interface FastEthernet0/0
 ip address 10.10.0.13 255.255.255.0
 duplex auto
 speed auto
 crypto mapfull-duplex mymap
!
router ospf 1
 router-id 10.110.0.65
 log-adjacency-changes
!
ip route 100.100.0.0 255.255.255.0 10.10.0.1
ip route 0.0.0.0 0.0.0.0 Tunnel2
!
access-list 119 permit gre host 10.10.0.13 host 100.100.0.2
```
2) Status of the OSPF protocol and the IPsec tunnel:
```
Router#show ip ospf neighbor

Neighbor ID     Pri     State       Dead Time    Address         Interface
10.110.0.66     0 128   FULL/DR -   00:00:3233   10.110.0.66     Tunnel2

Router#show crypto ipsec sa

interface: FastEthernet0/0 Tunnel2
    Crypto map tag: mymapTunnel2-head-0, local addr 10.10.0.13

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.10.0.13/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (100.100.0.2/255.255.255.255/47/0)
   current_peer 100.100.0.2 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 531, #pkts encrypt: 531, #pkts digest: 531
    #pkts decaps: 528, #pkts decrypt: 528, #pkts verify: 528
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 07, #recv errors 0

     local crypto endpt.: 10.10.0.13, remote crypto endpt.: 100.100.0.2
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
     current outbound spi: 0xC9A1F2920xC9AC095C(33828338103383495004)
     PFS (Y/N): YN, DH group: group2 none

     inbound esp sas:
      spi: 0x7783E2D20x5F736BDD(20051319861601399773)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 20012007, flow_id: FPGA:17, sibling_flags 80000046, crypto map: mymap Tunnel2-head-0
        sa timing: remaining key lifetime (k/sec): (44803124410255/30333460)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xC9A1F2920xC9AC095C(33828338103383495004)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 20022008, flow_id: FPGA:28, sibling_flags 80000046, crypto map: mymap Tunnel2-head-0
        sa timing: remaining key lifetime (k/sec): (44803124410255/30333460)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:
```