資源描述:
《ipsecvpn配置實(shí)例》由會(huì)員上傳分享,免費(fèi)在線(xiàn)閱讀���,更多相關(guān)內(nèi)容在行業(yè)資料-天天文庫(kù)���。
1�����、實(shí)驗(yàn)?zāi)康氖褂煤?jiǎn)單的配置完成IPsecVPN的實(shí)現(xiàn)。實(shí)驗(yàn)拓?fù)渑渲靡c(diǎn)?R1:cryptoisakmppolicy10?hashmd5?authenticationpre-sharecryptoisakmpkeyciscoaddress23.1.1.3255.255.255.0cryptoipsectransform-setccieesp-desesp-md5-hmaccryptomapVPN10ipsec-isakmp?setpeer23.1.1.3?settransform-setccie?matchaddress100interfaceSerial1/1?ipad
2���、dress12.1.1.1255.255.255.0?serialrestart-delay0?cryptomapVPNR3:cryptoisakmppolicy10?hashmd5?authenticationpre-sharecryptoisakmpkeyciscoaddress12.1.1.1255.255.255.0cryptoipsectransform-setciscoesp-desesp-md5-hmaccryptomapVPN10ipsec-isakmp?setpeer12.1.1.1?settransform-setcisco?matchaddre
3����、ss100interfaceSerial1/0?ipaddress23.1.1.3255.255.255.0?serialrestart-delay0?cryptomapVPN實(shí)驗(yàn)驗(yàn)證R3上開(kāi)啟debug�����,查看交互信息:R1#ping3.3.3.3source1.1.1.1Typeescapesequencetoabort.Sending5,100-byteICMPEchosto3.3.3.3,timeoutis2seconds:Packetsentwithasourceaddressof1.1.1.1.!!!!Successrateis80percent(4/5)
4�、,round-tripmin/avg/max=16/57/164msR3#*Jul2720:03:31.910:ISAKMP(0:0):receivedpacketfrom12.1.1.1dport500sport500Global(N)NEWSA*Jul2720:03:31.914:ISAKMP:Createdapeerstructfor12.1.1.1,peerport500*Jul2720:03:31.914:ISAKMP:Newpeercreatedpeer=0x65B5BB30peer_handle=0x80000005*Jul2720:03:31.918
5、:ISAKMP:Lockingpeerstruct0x65B5BB30,refcount1forcrypto_isakmp_process_block*Jul2720:03:31.922:ISAKMP:localport500,remoteport500*Jul2720:03:31.926:insertsasuccessfullysa=65B77620*Jul2720:03:31.930:ISAKMP:(0):Input=IKE_MESG_FROM_PEER,IKE_MM_EXCH*Jul2720:03:31.930:ISAKMP:(0):OldState=IKE_
6��、READY?NewState=IKE_R_MM1IKE第一階段����,第一個(gè)包交換*Jul2720:03:31.946:ISAKMP:(0):processingSApayload.messageID=0*Jul2720:03:31.950:ISAKMP:(0):processingvendoridpayload*Jul2720:03:31.950:ISAKMP:(0):vendorIDseemsUnity/DPDbutmajor245mismatch*Jul2720:03:31.962:ISAKMP:(0):foundpeerpre-sharedkeymatching1
7、2.1.1.1*Jul2720:03:31.962:ISAKMP:(0):localpresharedkeyfound*Jul2720:03:31.962:ISAKMP:Scanningprofilesforxauth...*Jul2720:03:31.962:ISAKMP:(0):CheckingISAKMPtransform1againstpriority10policy*Jul2720:03:31.966:ISAKMP:?????encryptionDES-CBC*Jul2720:03:31.966:ISAKMP:?????hashMD5*Jul2720:
