
IPSEC over GRE with BGP

Published: 2020-06-22 12:57:27 Source: Internet Views: 458 Author: myworldkwd Category: Security Technology

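【Lab topology and software】

IPSEC over GRE with BGP

The switches in this lab run on the H3C simulator, which can be downloaded here: http://forum.h4c.com/forum.php?mod=viewthread&tid=109740&highlight=H3C%E6%A8%A1%E6%8B%9F%E5%99%A8 Anyone interested can download it from the forum.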

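【Requirements】

R2 and R4 establish an EBGP neighbor relationship, with the tunnel interface addresses as the neighbor addresses, and all packets passing through the tunnel interface must be encrypted with IPsec!

【Configuration】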

R2

vlan 1024
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
ike peer r4
 pre-shared-key simple 1234567
 remote-address 192.168.24.4
#
ipsec proposal 1
#
ipsec policy jc 10 isakmp
 security acl 3000
 ike-peer r4
 proposal 1
#
acl number 3000
 rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.11.0 0.0.0.255
 rule 5 permit ip source 172.16.1.0 0.0.0.255 destination 172.16.11.0 0.0.0.255
#
#
interface LoopBack0
 ip address 192.168.1.1 255.255.255.255
#
interface Vlan-interface1024
 ip address 192.168.28.2 255.255.255.0
#
interface Tunnel0
 ip address 192.168.24.2 255.255.255.0
 source 192.168.28.2
 destination 192.168.48.4
 ipsec policy jc
#
bgp 65001
 network 192.168.1.1 255.255.255.255
 undo synchronization
 peer 192.168.24.4 as-number 65002
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.28.8

SW4

#
interface Vlan-interface1024
 ip address 192.168.28.8 255.255.255.0
#
interface Vlan-interface1044
 ip address 192.168.48.8 255.255.255.0
#
interface Ethernet0/4/0
 port link-mode bridge
#
interface Ethernet0/4/1
 port link-mode bridge
#
interface Ethernet0/4/2
 port link-mode bridge
 port access vlan 1024
#
interface Ethernet0/4/3
 port link-mode bridge
#
interface Ethernet0/4/4
 port link-mode bridge
 port access vlan 1044

R4

#
vlan 1044
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
ike peer r2
 pre-shared-key simple 1234567
 remote-address 192.168.24.2
#
ipsec proposal 1
#
ipsec policy jc 10 isakmp
 security acl 3000
 ike-peer r2
 proposal 1
#
acl number 3000
 rule 0 permit ip source 192.168.11.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
 rule 5 permit ip source 172.16.11.0 0.0.0.255 destination 172.16.1.0 0.0.0.255
#
interface Serial0/6/0
 link-protocol ppp
#
interface Serial0/6/1
 link-protocol ppp
#
interface Serial0/6/2
 link-protocol ppp
#
interface Serial0/6/3
 link-protocol ppp
#
interface NULL0
#
interface LoopBack0
 ip address 192.168.11.1 255.255.255.255
#
interface Vlan-interface1044
 ip address 192.168.48.4 255.255.255.0
#
interface Ethernet0/4/0
 port link-mode bridge
#
interface Ethernet0/4/1
 port link-mode bridge
 port access vlan 1044

interface Tunnel0
 ip address 192.168.24.4 255.255.255.0
 source 192.168.48.4
 destination 192.168.28.2
 ipsec policy jc
#
bgp 65002
 network 192.168.11.1 255.255.255.255
 undo synchronization
 peer 192.168.24.2 as-number 65001
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.48.8
#
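Added example, not part of the original article: a Python check of which flows ACL 3000 on R2 selects for IPsec, using the wildcard-mask rules copied from the configuration above. It assumes that traffic crossing Tunnel0 without matching the security ACL is forwarded through GRE without ESP; the function names and the 172.16.x.x host addresses are constructed for illustration.

```python
import ipaddress

# ACL 3000 on R2, copied from the configuration above.
ACL_3000_R2 = """\
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.11.0 0.0.0.255
rule 5 permit ip source 172.16.1.0 0.0.0.255 destination 172.16.11.0 0.0.0.255
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(text):
    """Return [(rule_id, action, (src, src_wildcard), (dst, dst_wildcard))]."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        # Only the 'rule N permit|deny ip source A W destination A W' form is handled.
        if len(tok) != 10 or tok[0] != "rule" or tok[3] != "ip":
            continue
        rules.append((int(tok[1]), tok[2], (to_int(tok[5]), to_int(tok[6])),
                      (to_int(tok[8]), to_int(tok[9]))))
    return rules

def wildcard_match(addr, net, wild):
    # Wildcard bits set to 1 are "don't care"; every other bit must equal the rule address.
    mask = ~wild & 0xFFFFFFFF
    return (to_int(addr) & mask) == (net & mask)

def protecting_rule(rules, src, dst):
    """Id of the first permit rule matching src -> dst, or None if the flow is not selected."""
    for rule_id, action, (s_net, s_wild), (d_net, d_wild) in rules:
        if wildcard_match(src, s_net, s_wild) and wildcard_match(dst, d_net, d_wild):
            return rule_id if action == "permit" else None
    return None

# Flows seen from R2; the 172.16.x.x hosts are constructed sample addresses.
FLOWS = {
    "ping 192.168.1.1 -> 192.168.11.1": ("192.168.1.1", "192.168.11.1"),
    "LAN 172.16.1.10 -> 172.16.11.10": ("172.16.1.10", "172.16.11.10"),
    "EBGP 192.168.24.2 -> 192.168.24.4": ("192.168.24.2", "192.168.24.4"),
}

def report():
    rules = parse_acl(ACL_3000_R2)
    return {name: protecting_rule(rules, s, d) for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    for name, rule in report().items():
        state = f"protected by rule {rule}" if rule is not None else "no ACL match"
        print(f"{name}: {state}")
```

The EBGP session between the tunnel addresses matches neither rule, so only the loopback and 172.16 prefixes are selected for ESP; a rule covering 192.168.24.0/24 on both routers would be needed to select the BGP session as well.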

 

 

 

【Verification】

Check the IKE and IPsec SAs

<R2>
<R2>dis ike sa
    total phase-1 SAs:  0
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
<R2>dis ipsec sa
<R2>
<R2>                  No SA exists yet because no packets have matched

<R2>ping -a 192.168.1.1 192.168.11.1
  PING 192.168.11.1: 56  data bytes, press CTRL_C to break
    Request time out
    Reply from 192.168.11.1: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 192.168.11.1: bytes=56 Sequence=3 ttl=255 time=44 ms
    Reply from 192.168.11.1: bytes=56 Sequence=4 ttl=255 time=45 ms
    Reply from 192.168.11.1: bytes=56 Sequence=5 ttl=255 time=50 ms

  --- 192.168.11.1 ping statistics ---
    5 packet(s) transmitted
    4 packet(s) received
    20.00% packet loss
    round-trip min/avg/max = 44/47/50 ms

<R2>dis ike sa
    total phase-1 SAs:  1
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
        6          192.168.24.4    RD|ST         2     IPSEC
        5          192.168.24.4    RD|ST         1     IPSEC

  flag meaning
  RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
<R2>dis ipsec sa
===============================
Interface: Tunnel0
    path MTU: 1476
===============================

  -----------------------------
  IPsec policy name: "jc"
  sequence number: 10
  mode: isakmp
  -----------------------------
    connection id: 4
    encapsulation mode: tunnel
    perfect forward secrecy: None
    tunnel:
        local  address: 192.168.24.2
        remote address: 192.168.24.4
    Flow :
        sour addr: 192.168.1.0/255.255.255.0  port: 0  protocol: IP
        dest addr: 192.168.11.0/255.255.255.0  port: 0  protocol: IP

    [inbound ESP SAs]
      spi: 2478830021 (0x93bff1c5)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
      sa remaining key duration (bytes/sec): 1887436464/3588
      max received sequence-number: 4
      udp encapsulation used for nat traversal: N

    [outbound ESP SAs]
      spi: 645607044 (0x267b2e84)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
      sa remaining key duration (bytes/sec): 1887436464/3588
      max sent sequence-number: 5
      udp encapsulation used for nat traversal: N
<R2>

<R4>
<R4>dis ike sa
    total phase-1 SAs:  1
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
        4          192.168.24.2    RD            2     IPSEC
        3          192.168.24.2    RD            1     IPSEC

  flag meaning
  RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
<R4>
<R4>dis ipsec sa
===============================
Interface: Tunnel0
    path MTU: 1476
===============================

  -----------------------------
  IPsec policy name: "jc"
  sequence number: 10
  mode: isakmp
  -----------------------------
    connection id: 4
    encapsulation mode: tunnel
    perfect forward secrecy: None
    tunnel:
        local  address: 192.168.24.4
        remote address: 192.168.24.2
    Flow :
        sour addr: 192.168.11.0/255.255.255.0  port: 0  protocol: IP
        dest addr: 192.168.1.0/255.255.255.0  port: 0  protocol: IP

    [inbound ESP SAs]
      spi: 645607044 (0x267b2e84)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
      sa remaining key duration (bytes/sec): 1887436464/3523
      max received sequence-number: 4
      udp encapsulation used for nat traversal: N

    [outbound ESP SAs]
      spi: 2478830021 (0x93bff1c5)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
      sa remaining key duration (bytes/sec): 1887436464/3523
      max sent sequence-number: 5
      udp encapsulation used for nat traversal: N
<R4>
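Added example, not part of the original article: a Python audit of the `dis ipsec sa` output and the `ike peer` configuration shown above, flagging the settings a reviewer would want changed outside a lab (DES and MD5 negotiated from the empty `ipsec proposal 1`, no PFS, and a `simple` pre-shared key). The function name and finding texts are constructed; only the transform names that appear on this page are checked.

```python
import re

# Excerpt of the R2 'dis ipsec sa' output shown above.
SA_OUTPUT = """\
  IPsec policy name: "jc"
    encapsulation mode: tunnel
    perfect forward secrecy: None
    [inbound ESP SAs]
      spi: 2478830021 (0x93bff1c5)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
    [outbound ESP SAs]
      spi: 645607044 (0x267b2e84)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
"""

# IKE peer section of the R2 configuration shown above.
CONFIG = """\
ike peer r4
 pre-shared-key simple 1234567
 remote-address 192.168.24.4
"""

# Transform names as displayed on this page, with the reason each is flagged.
WEAK_TRANSFORMS = {
    "ESP-ENCRYPT-DES": "56-bit DES encryption",
    "ESP-AUTH-MD5": "HMAC-MD5 authentication",
}

def audit(sa_output, config):
    """Return a list of findings; the key itself is never copied into a finding."""
    findings = []
    direction = "unknown"
    for raw in sa_output.splitlines():
        line = raw.strip()
        m = re.match(r"\[(inbound|outbound) ESP SAs\]", line)
        if m:
            direction = m.group(1)
        elif line.startswith("proposal:"):
            for transform in line.split(":", 1)[1].split():
                if transform in WEAK_TRANSFORMS:
                    findings.append(
                        f"{direction} SA uses {WEAK_TRANSFORMS[transform]} ({transform})")
        elif line.lower() == "perfect forward secrecy: none":
            findings.append("PFS is not configured for the IPsec policy")
    for raw in config.splitlines():
        if re.match(r"\s*pre-shared-key simple\s+\S+", raw):
            findings.append("pre-shared key is configured in plaintext ('simple')")
    return findings

if __name__ == "__main__":
    for finding in audit(SA_OUTPUT, CONFIG):
        print("-", finding)
```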
