Version comparison

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

2) OSPF protocol and IPSec tunnel status information:

Code block
esr#  show ip ospf neighbors 
Router ID        Pri  State          DTime  Interface          Router IP
---------        ---  -----          -----  -----------------  ---------
10.110.0.65      1    Full/BDR       00:3536  gre 1              10.110.0.65

esr# show security ipsec vpn status IPSEC 
Currently active IKE SA:
    Name:                      IPSEC
    State:                     Established
    Version:                   v1-only
    Unique ID: 3
                1
    Local host:                100.100.0.2
    Remote host:               10.10.0.13
    Role: Initiator
                     Responder
    Initiator spi: 0x15dc63f5881abbb0
            0xc6518822b67d5635
    Responder spi: 0xd45e86e5abb121d9
            0x8f9084d1b93f1ccc
    Encryption algorithm: des
     aes128
    Authentication algorithm:  sha1
    Diffie-Hellman group:      2
    Established: 12 minutes              1 minute and 3421 seconds ago
    Rekey time: 12 minutes and 34              1 minute and 21 seconds
    Reauthentication time:     23 hours, 3243 minutes and 735 seconds
    Child IPsec SAs:
        Name:                      IPSEC-2
        State:                     Installed
        Protocol:                  esp
        Mode:                      Tunnel
        Encryption algorithm:      aes128
        Authentication algorithm:  sha1
        Rekey time: 32 minutes
               45 minutes and 53 seconds
        Life time: 47                 58 minutes and 2639 seconds
        Established: 12 minutes              1 minute and 3421 seconds ago
        Traffic statistics: 
            Input bytes: 540
          832
            Output bytes: 540
         736
            Input packets: 5
        8
            Output packets: 5       8
        -------------------------------------------------------------
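
Review bot: the IKE SA part of the `show security ipsec vpn status IPSEC` output carries both `des` and `aes128` under "Encryption algorithm", while the Cisco peer's policy on this page is `encr aes`; the example output should show `aes128` only, so that no reader takes `des` as an acceptable phase 1 setting. The same block shows `Version: v1-only`, `sha1` and Diffie-Hellman group 2; if this output is meant as a reference, state next to it that these values were chosen for interoperability with the lab peer, and recommend SHA-2 and a larger DH group where both sides support them.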


Cisco:

1) Configuration:

Code block
crypto isakmp policy 2
 encr aes
 authentication pre-share
 group 2
crypto isakmp key password address 100.100.0.2
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set strongIPsec esp-aes esp-sha-hmac 
!
crypto map mymap local-address FastEthernet0/0
crypto map mymap 119 ipsec-isakmp setprofile peer 100.100.0.2IPsec_profile
 set transform-set strongIPsec match
address 119
!
!
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
!
interface Tunnel2
 ip address 10.110.0.65 255.255.255.252
 ip ospf network broadcast
 ip ospf 1 area 0.0.0.1
ip ospf network broadcast
tunnel source 10.10.0.13
 tunnel destination 100.100.0.2
!
 tunnel protection ipsec profile IPsec_profile
!
interface FastEthernet0/0
 ip address 10.10.0.13 255.255.255.0
duplex auto
speed auto
crypto mapfull-duplex
mymap
!       
router ospf 1
router-id 10.110.0.65
log-adjacency-changes
!
ip route 100.100.0.0 255.255.255.0 10.10.0.1
ip route 0.0.0.0 0.0.0.0 Tunnel2
!
access-list 119 permit gre host 10.10.0.13 host 100.100.0.2
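
Review bot: `crypto isakmp key password address 100.100.0.2` publishes a dictionary word as the pre-shared key in a configuration that readers will copy as is; replace the literal with an obvious placeholder such as `<PRE_SHARED_KEY>` and say that it must be a long random value identical on both peers. In the same policy, `group 2` is the 1024-bit MODP group; suggest group 14 or higher where the ESR side supports it, and keep `group 2` only with a remark that it is a compatibility setting.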

2) OSPF protocol and IPSec tunnel status information:

Code block
Router#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.110.0.66 0    128   FULL/DR -        00:00:3233    10.110.0.66     Tunnel2

Router#show crypto ipsec sa 

interface: FastEthernet0/0
Tunnel2
    Crypto map tag: mymapTunnel2-head-0, local addr 10.10.0.13

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.10.0.13/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (100.100.0.2/255.255.255.255/47/0)
   current_peer 100.100.0.2 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 531, #pkts encrypt: 531, #pkts digest: 531
    #pkts decaps: 528, #pkts decrypt: 528, #pkts verify: 528
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 07, #recv errors 0

     local crypto endpt.: 10.10.0.13, remote crypto endpt.: 100.100.0.2
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
     current outbound spi: 0xC9A1F2920xC9AC095C(33828338103383495004)
     PFS (Y/N): YN, DH group: group2
none

     inbound esp sas:
      spi: 0x7783E2D20x5F736BDD(20051319861601399773)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 20012007, flow_id: FPGA:17, sibling_flags 80000046, crypto map: mymap
Tunnel2-head-0
        sa timing: remaining key lifetime (k/sec): (44803124410255/30333460)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xC9A1F2920xC9AC095C(33828338103383495004)
        transform: esp-aes esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 20022008, flow_id: FPGA:28, sibling_flags 80000046, crypto map: mymap
Tunnel2-head-0
        sa timing: remaining key lifetime (k/sec): (44803124410255/30333460)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:
          
     outbound pcp sas: