...
```
router ospf log-adjacency-changes
router ospf 1
  router-id 10.10.10.3
  area 0.0.0.0
    network 2.2.2.2/32
    enable
  exit
  enable
exit

interface gigabitethernet 1/0/1
  ip firewall disable
  ip address 192.168.39.216/20
exit
interface loopback 1
  ip address 2.2.2.2/32
exit
tunnel gre 1
  key 60
  ttl 250
  mtu 1472
  multipoint
  ip firewall disable
  local interface gigabitethernet 1/0/1
  ip address 10.10.10.3/24
  ip ospf instance 1
  ip ospf
  ip tcp adjust-mss 1432
  ip nhrp authentication <password>
  ip nhrp holding-time 360
  ip nhrp map 10.10.10.1 192.0.2.2
  ip nhrp nhs 10.10.10.1/24
  ip nhrp ipsec IPSECVPN_HUB static
  ip nhrp ipsec IPSECVPN_SPOKE dynamic
  ip nhrp multicast nhs
  ip nhrp enable
  enable
exit

security ike proposal IKEPROP
  encryption algorithm aes192
  dh-group 2
exit
security ike policy IKEPOLICY
  pre-shared-key ascii-text <password>
  proposal IKEPROP
exit
security ike gateway IKEGW_HUB
  ike-policy IKEPOLICY
  local address 192.168.39.216
  local network 192.168.39.216/32 protocol gre
  remote address 192.0.2.2
  remote network 192.0.2.2/32 protocol gre
  mode policy-based
exit
security ike gateway IKEGW_SPOKE
  ike-policy IKEPOLICY
  local address 192.168.39.216
  local network 192.168.39.216/32 protocol gre
  remote address any
  remote network any
  mode policy-based
exit
security ipsec proposal IPSECPROP
  encryption algorithm aes192
exit
security ipsec policy IPSECPOLICY
  proposal IPSECPROP
exit
security ipsec vpn IPSECVPN_HUB
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway IKEGW_HUB
  ike ipsec-policy IPSECPOLICY
  enable
exit
security ipsec vpn IPSECVPN_SPOKE
  mode ike
  type transport
  ike establish-tunnel route
  ike gateway IKEGW_SPOKE
  ike ipsec-policy IPSECPOLICY
  enable
exit

security passwords history 0
ip route 192.0.2.2/32 192.168.39.2151
ip route 192.0.4.2/32 192.168.39.2151
```
2) Diagnostics
```
ESR# sh security ipsec vpn status
Name                              Local host        Remote host       Initiator spi        Responder spi        State
-------------------------------   ---------------   ---------------   ------------------   ------------------   -----------
IPSECVPN_HUB                      192.168.39.216    192.0.2.2         0x121319af1595214c   0xa3d8bd202e50320b   Established
IPSECVPN_SPOKE                    192.168.39.216    192.0.4.2         0x997a2d4ddc2a3cac   0x887bd45f6a25028e   Established
ESR#
ESR#
ESR# sh security ipsec vpn status IPSECVPN_HUB
Currently active IKE SA:
    Name:                       IPSECVPN_HUB
    State:                      Established
    Version:                    v1-only
    Unique ID:                  1
    Local host:                 192.168.39.216
    Remote host:                192.0.2.2
    Role:                       Initiator
    Initiator spi:              0x121319af1595214c
    Responder spi:              0xa3d8bd202e50320b
    Encryption algorithm:       aes192
    Authentication algorithm:   sha1
    Diffie-Hellman group:       2
    Established:                1 hour, 27 minutes and 46 seconds ago
    Rekey time:                 1 hour, 27 minutes and 46 seconds
    Reauthentication time:      1 hour, 15 minutes and 12 seconds
    Child IPsec SAs:
        Name:                       dmvpn_192.168.39.216_192.0.2.2-7
        State:                      Installed
        Protocol:                   esp
        Mode:                       Tunnel
        Encryption algorithm:       aes192
        Authentication algorithm:   sha1
        Rekey time:                 2 minutes and 44 seconds
        Life time:                  14 minutes and 55 seconds
        Established:                45 minutes and 5 seconds ago
        Traffic statistics:
            Input bytes:            45592
            Output bytes:           32192
            Input packets:          436
            Output packets:         319
        -------------------------------------------------------------
ESR# sh security ipsec vpn status IPSECVPN_SPOKE
Currently active IKE SA:
    Name:                       IPSECVPN_SPOKE
    State:                      Connecting
    Version:                    v1-only
    Unique ID:                  13
    Local host:                 192.168.39.216
    Remote host:                224.0.0.5
    Role:                       Initiator
    Initiator spi:              0x35ece26be25cec50
    Responder spi:              0x0000000000000000
Currently active IKE SA:
    Name:                       IPSECVPN_SPOKE
    State:                      Established
    Version:                    v1-only
    Unique ID:                  14
    Local host:                 192.168.39.216
    Remote host:                192.0.4.2
    Role:                       Initiator
    Initiator spi:              0x997a2d4ddc2a3cac
    Responder spi:              0x887bd45f6a25028e
    Encryption algorithm:       aes192
    Authentication algorithm:   sha1
    Diffie-Hellman group:       2
    Established:                1 minute and 37 seconds ago
    Rekey time:                 1 minute and 37 seconds
    Reauthentication time:      2 hours, 48 minutes and 34 seconds
    Child IPsec SAs:
        Name:                       dmvpn_192.168.39.216_192.0.4.2-9
        State:                      Installed
        Protocol:                   esp
        Mode:                       Tunnel
        Encryption algorithm:       aes192
        Authentication algorithm:   sha1
        Rekey time:                 46 minutes and 1 second
        Life time:                  58 minutes and 23 seconds
        Established:                1 minute and 37 seconds ago
        Traffic statistics:
            Input bytes:            1396
            Output bytes:           1344
            Input packets:          12
            Output packets:         12
        -------------------------------------------------------------
ESR#
ESR# sh ip ospf neighbors
Router ID     Pri   State     DTime   Interface           Router IP
---------     ---   -----     -----   -----------------   ---------
10.10.10.1    255   Full/DR   00:31   gre 1               10.10.10.1
ESR#
ESR# sh ip route ospf
O     * 1.1.1.1/32       [150/11]   via 10.10.10.1 on gre 1   [ospf1 13:58:42]   (10.10.10.1)
O       10.10.10.0/24    [150/10]   dev gre 1                 [ospf1 13:58:37]   (10.10.10.1)
O     * 3.3.3.3/32       [150/11]   via 10.10.10.2 on gre 1   [ospf1 14:25:24]   (10.10.10.2)
```
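As an added example (not part of the original page and not Eltex tooling), this Python script parses the detailed `sh security ipsec vpn status <name>` output shown above and reports IKE SAs that are not `Established` or that have no `Installed` child IPsec SA. The function names and the abridged sample text are constructed for illustration, and the exact whitespace of real device output is an assumption.

```python
# Constructed sample, abridged from the IPSECVPN_SPOKE status output above.
SAMPLE = """\
Currently active IKE SA:
    Name:            IPSECVPN_SPOKE
    State:           Connecting
    Remote host:     224.0.0.5
    Responder spi:   0x0000000000000000
Currently active IKE SA:
    Name:            IPSECVPN_SPOKE
    State:           Established
    Remote host:     192.0.4.2
    Responder spi:   0x887bd45f6a25028e
    Child IPsec SAs:
        Name:        dmvpn_192.168.39.216_192.0.4.2-9
        State:       Installed
        Protocol:    esp
"""

def parse_ike_sas(text):
    """Split the detailed status output into one dict per IKE SA."""
    sas, current, in_child = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Currently active IKE SA:":
            current, in_child = {"children": []}, False
            sas.append(current)
            continue
        if current is None or ":" not in line:
            continue  # prompts, separators, blank lines
        if line == "Child IPsec SAs:":
            in_child = True
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if not in_child:
            current[key] = value
            continue
        if key == "Name":  # every child SA section starts with its Name
            current["children"].append({})
        if current["children"]:
            current["children"][-1][key] = value
    return sas

def find_problems(sas):
    """Return one message per IKE SA that is not carrying traffic."""
    problems = []
    for sa in sas:
        peer = f'{sa.get("Name")} -> {sa.get("Remote host")}'
        if sa.get("State") != "Established":
            problems.append(f"{peer}: IKE SA is {sa.get('State')}")
        elif not any(c.get("State") == "Installed" for c in sa["children"]):
            problems.append(f"{peer}: no installed child IPsec SA")
    return problems
```

Run against the sample, `find_problems(parse_ike_sas(SAMPLE))` reports only the SA stuck in `Connecting` toward 224.0.0.5.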
...