全系列VPN技术集锦第一卷第3章(Site-to-SiteIPsecVPN)

全系列VPN技术集锦第一卷第3章(Site-to-SiteIPsecVPN)作者：论坛整理zdnet网络安全CNETNews.com.cn2008-01-1913:29:21关键词：安全防范防火墙VPN例4作为IPsec协商的发起者的路由器show命令输出ThecommandbelowshowsthestateofthecryptoISAKMPSA.ItisshownhereinQMIDLE,meaningthatquickmodehascompletedsuccessfully.Initiator#showcryptoisakmpsadstsrcstateconn-idslot172.16.172.20172.16.172.10QM_IDLE10ThecommandbelowgivesdetailsonboththeincomingandoutgoingIPsecSAs.ItgivesinformationontheattributesnegotiatedduringtheexchangeaswellasstatisticsforhowmanypacketshavebeenexchangedviaeachoftheseSAs.Initiator#showcryptoipsecsainterface:Ethernet1/0Cryptomaptag:vpn,localaddr.172.16.172.10localident(addr/mask/prot/port):(10.1.1.0/255.255.255.0/0/0)remoteident(addr/mask/prot/port):(10.1.2.0/255.255.255.0/0/0)current_peer:172.16.172.20PERMIT,flags=#pktsencaps:4,#pktsencrypt:4,#pktsdigest4#pktsdecaps:4,#pktsdecrypt:4,#pktsverify4#pktscompressed:0,#pktsdecompressed:0#pktsnotcompressed:0,#pktscompr.failed:0,#pktsdecompressfailed:0#senderrors6,#recverrors0localcryptoendpt.:172.16.172.10,remotecryptoendpt.:172.16.172.20pathmtu1500,mediamtu1500currentoutboundspi:EB84DC85inboundespsas:spi:0x8EAB0B22(2393574178)transform:esp-3desesp-md5-hmac,inusesettings={Tunnel,}slot:0,connid:2029,flow_id:1,cryptomap:vpnsatiming:remainingkeylifetime(k/sec):(4607998/3347)IVsize:8bytesreplaydetectionsupport:Yinboundahsas:inboundpcpsas:outboundespsas:spi:0xEB84DC85(3951352965)transform:esp-3desesp-md5-hmac,inusesettings={Tunnel,}slot:0,connid:2030,flow_id:2,cryptomap:vpnsatiming:remainingkeylifetime(k/sec):(4607999/3347)IVsize:8bytesreplaydetectionsupport:Youtboundahsas:outboundpcpsas:ThecommandbelowbasicallyprintstheconfigurationofthecryptomapontherouterInitiator#showcryptomapCryptoMapvpn10ipsec-isakmpPeer=172.16.172.20ExtendedIPaccesslist101access-list101permitip10.1.1.00.0.0.25510.1.2.00.0.0.255Currentpeer:172.16.172.20Securityassociationlifetime:4608000kilobytes/3600secondsPFS(Y/N):NTransformsets={myset,}Interfacesusingcryptomapvpn:Ethernet1/0例5作为IPsec协商的响应者的路由器debugResponder#showdebugCryptographicSubsystem:CryptoISAKMPdebuggingisonCryptoEnginedebuggingisonCryptoIPSECdebuggingison1w1d:ISAKMP(0:0):receivedpacketfrom172.16.172.10(N)NEWSA1w1d:ISAKMP:localport500,remoteport5001w1d:ISAKMP(0:1):Input=IKE_MESG_FROM_PEER,IKE_MM_EXCHOldState=IKE_READYNewState=IKE_R_MM11w1d:ISAKMP(0:1):processingSApayload.messageID=01w1d:ISAKMP(0:1):foundpeerpre-sharedkeymatching172.16.172.101w1d:ISAKMP(0:1):CheckingISAKMPtransform1againstpriority1policy1w1d:ISAKMP:encryption3DES-CBC1w1d:ISAKMP:hashSHA1w1d:ISAKMP:defaultgroup11w1d:ISAKMP:authpre-share1w1d:ISAKMP:lifetypeinseconds1w1d:ISAKMP:lifeduration(VPI)of0x00x10x510x801w1d:ISAKMP(0:1):attsareacceptable.Nextpayloadis01w1d:ISAKMP(0:1):Input=IKE_MESG_INTERNAL,IKE_PROCESS_MAIN_MODEOldState=IKE_R_MM1NewState=IKE_R_MM11w1d:ISAKMP(0:1):sendingpacketto172.16.172.10(R)MM_SA_SETUP1w1d:ISAKMP(0:1):Input=IKE_MESG_INTERNAL,IKE_PROCESS_COMPLETEOldState=IKE_R_MM1NewState=IKE_R_MM21w1d:ISAKMP(0:1):receivedpacketfrom172.16.172.10(R)MM_SA_SETUP1w1d:ISAKMP(0:1):Input=IKE_MESG_FROM_PEER,IKE_MM_EXCHOldState=IKE_R_MM2NewState=IKE_R_MM31w1d:ISAKMP(0:1):processingKEpayload.messageID=01w1d:ISAKMP(0:1):processingNONCEpayload.messageID=01w1d:ISAKMP(0:1):foundpeerpre-sharedkeymatching172.16.172.101w1d:ISAKMP(0:1):SKEYIDstategenerated1w1d:ISAKMP(0:1):processingvendoridpayload1w1d:ISAKMP(0:1):vendorIDisUnity1w1d:ISAKMP(0:1):processingvendoridpayload1w1d:ISAKMP(0:1):vendorIDisDPD1w1d:ISAKMP(0:1):processingvendoridpayload1w1d:ISAKMP(0:1):speakingtoanotherIOSbox!1w1d:ISAKMP(0:1):processingvendoridpayload1w1d:ISAKMP(0:1):Input=IKE_MESG_INTERNAL,IKE_PROCESS_MAIN_MODEOldState=IKE_R_MM3NewState=IKE_R_MM31w1d:ISAKMP(0:1):sendingpacketto172.16.172.10(R)MM_KEY_EXCH1w1d:ISAKMP(0:1):Input=IKE_MESG_INTERNAL,IKE_PROCESS_COMPLETEOldState=IKE_R_MM3NewState=IKE_R_MM41w1d:ISAKMP(0:1):receivedpacketfrom172.16.172.10(R)MM_KEY_EXCH1w1d:ISAKMP(0:1):Input=IKE_MESG_FROM_PEER,IKE_MM_EXCHOldState=IKE_R_MM4NewState=IKE_R_MM51w1d:ISAKMP(0:1):processingIDpayload.messageID=01w1d:ISAKMP(0:1):processingHASHpayload.messageID=01w1d:ISAKMP(0:1):SAhasbeenauthenticatedwith172.16.172.101w1d:ISAKMP(0:1):Input=IKE_MESG_INTERNAL,IKE_PROCESS_MAIN_MODEOldState=IKE_R_MM5NewState=IKE_R_MM51w1d:ISAKMP(0:1):SAisdoingpre-sharedkeyauthenticationusingidtypeID_IPV4_ADDR1w1d:ISAKMP(1):IDpayloadnext-payload:8type:1protocol:17port:500length:81w1d:ISAKMP(1):Totalpayloadlength:121w1d:ISAKMP(0:1):sendingpacketto172.16.172.10(R)QM_IDLE1w1d:ISAKMP(0:1):Input=IKE_MESG_INTERNAL,IKE_PROCESS_COMPLETEOldState=IKE_R_MM5NewState=IKE_P1_COMPLETE1w1d:ISAKMP(0:1):Input=IKE_MESG_INTERNAL,IKE_PHASE1_COMPLETEOldState=IKE_P1_COMPLETENewState=IKE_P1_COMPLETE1w1d:ISAKMP(0:1):receivedpacketfrom172.16.172.10(R)QM_IDLE1w1d:ISAKMP(0:1):processingHASHpayload.messageID=9652734721w1d:ISAKMP(0:1):processingSApayload.messageID=9652734721w1d:ISAKMP(0:1):CheckingIPsecproposal11w1d:ISAKMP:transform1,ESP_3DES1w1d:ISAKMP:attributesintransform:1w1d:ISAKMP:encapsis11w1d:ISAKMP:SAlifetypeinseconds1w1d:ISAKMP

全系列VPN技术集锦第一卷第3章(Site-to-SiteIPsecVPN)

免费阅读已结束，点击付费阅读剩下 ... 页

阅读已结束，您可以下载文档离线阅读

宁波-大力推进智慧城市建设

关于房地产泡沫的论文

某工程基坑支护土方开挖及桩基工程施工组织设计(下半部

专家揭示：建筑陶瓷抗震的指标

建筑防火课件

金融危机对中国中小企业的影响

【赞print】XXXX法规重点(高概率考点)

保瑞段隧道不良地质风险管理一览表2

文化事业的发展

巴州煤矿三号井地测防治水管理制度汇编XXXX最新

相关文档

相关搜索