HP MSR Router:
Interface             Physical  Protocol  IP Address    Description
Aux0                  down      down      unassigned    Aux0 Inte...
Cellular0/0           down      down      unassigned    Cellular0...
GigabitEthernet0/0    up        up        192.168.2.2   GigabitEt...
GigabitEthernet0/1    up        up        10.1.1.254    GigabitEt...
[HP]dis curr
#
version 5.20, Release 1910P15, Standard
#
sysname HP
#
ike sa
keepalive-timer interval 20
#
ipsec sa
global-duration time-based 86400
#
domain default enable system
#
telnet server enable
#
dar p2p
signature-file cfa0:/p2p_default.mtd
#
port-security enable
#
vlan 1
#
domain system
access-limit disable
state active
idle-cut disable
self-service-url disable
#
ike proposal 100
encryption-algorithm 3des-cbc
dh group2
#
ike peer ipatm
proposal 100
pre-shared-key cipher xz8n+yXxN+I=
remote-address 192.168.1.1
local-address 192.168.2.2
#
ipsec proposal ipatm
esp
encryption-algorithm 3des
#
ipsec profile ipatm
ike-peer ipatm
proposal ipatm
#
user-group system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
authorization-attribute level 3
service-type telnet
#
cwmp
undo cwmp enable
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Cellular0/0
async mode protocol
link-protocol ppp
#
interface Serial1/0
link-protocol ppp
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
ip address 192.168.2.2 255.255.255.252
#
interface GigabitEthernet0/1
port link-mode route
ip address 10.1.1.254 255.255.255.0
#
interface Tunnel0
ip address 11.1.1.2 255.255.255.0
tunnel-protocol ipsec ipv4
source GigabitEthernet0/0
destination 192.168.1.1
ipsec profile ipatm
#
ip route-static 0.0.0.0 0.0.0.0 192.168.2.1
ip route-static 10.1.2.0 255.255.255.0 Tunnel0
#
load xml-configuration
#
load tr069-configuration
#
user-interface con 0
user-interface tty 13
user-interface aux 0
user-interface vty 0 4
user privilege level 3
set authentication password simple 123
#
return
[HP]dis ip ro
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask    Proto   Pre  Cost  NextHop      Interface
0.0.0.0/0           Static  60   0     192.168.2.1  GE0/0
10.1.1.0/24         Direct  0    0     10.1.1.254   GE0/1
10.1.1.254/32       Direct  0    0     127.0.0.1    InLoop0
10.1.2.0/24         Static  60   0     11.1.1.2     Tun0
11.1.1.0/24         Direct  0    0     11.1.1.2     Tun0
11.1.1.2/32         Direct  0    0     127.0.0.1    InLoop0
127.0.0.0/8         Direct  0    0     127.0.0.1    InLoop0
127.0.0.1/32        Direct  0    0     127.0.0.1    InLoop0
192.168.2.0/30      Direct  0    0     192.168.2.2  GE0/0
192.168.2.2/32      Direct  0    0     127.0.0.1    InLoop0
[HP]dis ike sa
total phase-1 SAs: 1
connection-id  peer         flag  phase  doi
----------------------------------------------------------
33             192.168.1.1  RD    2      IPSEC
31             192.168.1.1  RD    1      IPSEC
flag meaning
RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT
[HP]dis ike peer
---------------------------
IKE Peer: ipatm
exchange mode: main on phase 1
proposal: 100
pre-shared-key cipher xz8n+yXxN+I=
peer id type: ip
peer ip address: 192.168.1.1
local ip address: 192.168.2.2
peer name:
nat traversal: disable
dpd:
---------------------------
[HP]dis ipsec ?
policy           Display IPSec security policy information
policy-template  Display IPSec security policy template information
profile          Display IPsec profile info
proposal         Display configured IPSec proposal
sa               Display IPSec security association information
session          Display IPsec session information
statistics       Display statistics information of security packets
tunnel           Display IPSec tunnel information
[HP]dis ipsec s
[HP]dis ipsec session
[HP]dis ipsec sta
[HP]dis ipsec statistics
the security packet statistics:
input/output security packets: 118/106
input/output security bytes: 7456/6784
input/output dropped security packets: 0/0
dropped security packet detail:
not enough memory: 0
can't find SA: 0
queue is full: 0
authentication has failed: 0
wrong length: 0
replay packet: 0
packet too long: 0
wrong SA: 0
[HP]dis ipsec statistics
the security packet statistics:
input/output security packets: 133/121
input/output security bytes: 8416/7744
input/output dropped security packets: 0/0
dropped security packet detail:
not enough memory: 0
can't find SA: 0
queue is full: 0
authentication has failed: 0
wrong length: 0
replay packet: 0
packet too long: 0
wrong SA: 0
[HP]
Cisco Router:
Router#sh run
Building configuration...
Current configuration : 1446 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 100
encr 3des
authentication pre-share
group 2
crypto isakmp key 123456 address 192.168.2.2
crypto isakmp keepalive 20 periodic
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set ipatm esp-3des esp-md5-hmac
!
crypto ipsec profile ipatm
set transform-set ipatm
!
!
!
!
interface Tunnel0
ip address 11.1.1.1 255.255.255.252
tunnel source FastEthernet0/0
tunnel destination 192.168.2.2
tunnel mode ipsec ipv4
tunnel path-mtu-discovery
tunnel protection ipsec profile ipatm
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.1.2.254 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.2
ip route 10.1.1.0 255.255.255.0 Tunnel0
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
end
Router#sh crypto ipsec sa
interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 192.168.1.1
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer 192.168.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 541, #pkts encrypt: 541, #pkts digest: 541
#pkts decaps: 566, #pkts decrypt: 566, #pkts verify: 566
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 192.168.1.1, remote crypto endpt.: 192.168.2.2
path mtu 1500, ip mtu 1500
current outbound spi: 0x80D8C3DE(2161689566)
inbound esp sas:
spi: 0x7DC58B9E(2110098334)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 3001, flow_id: FPGA:1, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (1833507/86123)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x1580E301(360768257)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 3003, flow_id: FPGA:3, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (1760770/86126)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x67BC65FB(1740400123)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 3005, flow_id: FPGA:5, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (1753192/86126)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
Router#
Router#sh crypto isakmp sa
dst src state conn-id slot status
192.168.1.1 192.168.2.2 QM_IDLE 1 0 ACTIVE
Router#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.2 to network 0.0.0.0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.2.0 is directly connected, FastEthernet0/1
S 10.1.1.0 is directly connected, Tunnel0
11.0.0.0/30 is subnetted, 1 subnets
C 11.1.1.0 is directly connected, Tunnel0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 192.168.1.2
Router#