安全CCIE之路实验IPsec静态vtiWord文档下载推荐.docx
- 文档编号:20234656
- 上传时间:2023-01-21
- 格式:DOCX
- 页数:16
- 大小:120.58KB
安全CCIE之路实验IPsec静态vtiWord文档下载推荐.docx
《安全CCIE之路实验IPsec静态vtiWord文档下载推荐.docx》由会员分享,可在线阅读,更多相关《安全CCIE之路实验IPsec静态vtiWord文档下载推荐.docx(16页珍藏版)》请在冰豆网上搜索。
authenticationpre-share
group2
cryptoisakmpkeyciscoaddress0.0.0.00.0.0.0
cryptoipsectransform-setciscoesp-3desesp-md5-hmac
cryptoipsecprofiletext
settransform-setcisco
interfaceLoopback0
ipaddress10.10.1.1255.255.255.0
interfaceTunnel1
ipaddress10.10.13.1255.255.255.252
tunnelsourceSerial0/1
tunneldestination202.103.23.2
tunnelmodeipsecipv4
tunnelprotectionipsecprofiletext
interfaceSerial0/0
noipaddress
shutdown
serialrestart-delay0
interfaceSerial0/1
ipaddress202.103.12.1255.255.255.252
interfaceSerial0/2
shutdown
interfaceSerial0/3
interfaceEthernet1/0
half-duplex
interfaceEthernet1/1
interfaceEthernet1/2
interfaceEthernet1/3
iphttpserver
noiphttpsecure-server
iproute0.0.0.00.0.0.0202.103.12.2
iproute10.10.3.0255.255.255.0Tunnel1
control-plane
linecon0
exec-timeout00
loggingsynchronous
lineaux0
linevty04
end
r1#
r3#showrun
hostnamer3
ipaddress10.10.3.1255.255.255.0
ipaddress10.10.13.2255.255.255.252
tunnelsourceSerial0/0
tunneldestination202.103.12.1
ipaddress202.103.23.2255.255.255.252
iproute0.0.0.00.0.0.0202.103.23.1
iproute10.10.1.0255.255.255.0Tunnel1
r3#
路由
r1#showiprout
Codes:
C-connected,S-static,R-RIP,M-mobile,B-BGP
D-EIGRP,EX-EIGRPexternal,O-OSPF,IA-OSPFinterarea
N1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2
E1-OSPFexternaltype1,E2-OSPFexternaltype2
i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-2
ia-IS-ISinterarea,*-candidatedefault,U-per-userstaticroute
o-ODR,P-periodicdownloadedstaticroute
Gatewayoflastresortis202.103.12.2tonetwork0.0.0.0
202.103.12.0/30issubnetted,1subnets
C202.103.12.0isdirectlyconnected,Serial0/1
10.0.0.0/8isvariablysubnetted,3subnets,2masks
C10.10.1.0/24isdirectlyconnected,Loopback0
S10.10.3.0/24isdirectlyconnected,Tunnel1
C10.10.13.0/30isdirectlyconnected,Tunnel1
S*0.0.0.0/0[1/0]via202.103.12.2
r3#showiproute
Gatewayoflastresortis202.103.23.1tonetwork0.0.0.0
202.103.23.0/30issubnetted,1subnets
C202.103.23.0isdirectlyconnected,Serial0/0
S10.10.1.0/24isdirectlyconnected,Tunnel1
C10.10.3.0/24isdirectlyconnected,Loopback0
S*0.0.0.0/0[1/0]via202.103.23.1
SA
r1#showcryptoipsecsa
interface:
Tunnel1
Cryptomaptag:
Tunnel1-head-0,localaddr202.103.12.1
protectedvrf:
(none)
localident(addr/mask/prot/port):
(0.0.0.0/0.0.0.0/0/0)
remoteident(addr/mask/prot/port):
current_peer202.103.23.2port500
PERMIT,flags={origin_is_acl,}
#pktsencaps:
10,#pktsencrypt:
10,#pktsdigest:
10
#pktsdecaps:
5,#pktsdecrypt:
5,#pktsverify:
5
#pktscompressed:
0,#pktsdecompressed:
0
#pktsnotcompressed:
0,#pktscompr.failed:
#pktsnotdecompressed:
0,#pktsdecompressfailed:
#senderrors0,#recverrors0
localcryptoendpt.:
202.103.12.1,remotecryptoendpt.:
202.103.23.2
pathmtu1500,ipmtu1500,ipmtuidbSerial0/1
currentoutboundspi:
0x92F54307(2465547015)
inboundespsas:
spi:
0x8CADB3F5(2360194037)
transform:
esp-3desesp-md5-hmac,
inusesettings={Tunnel,}
connid:
2001,flow_id:
SW:
1,cryptomap:
Tunnel1-head-0
satiming:
remainingkeylifetime(k/sec):
(4601932/3334)
IVsize:
8bytes
replaydetectionsupport:
Y
Status:
ACTIVE
inboundahsas:
inboundpcpsas:
outboundespsas:
2002,flow_id:
2,cryptomap:
(4601931/3333)
outboundahsas:
outboundpcpsas:
r1#showcry
r1#showcryptomap
CryptoMap"
Tunnel1-head-0"
65536ipsec-isakmp
Profilename:
text
Securityassociationlifetime:
4608000kilobytes/3600seconds
PFS(Y/N):
N
Transformsets={
cisco,
}
65537ipsec-isakmp
MapisaPROFILEINSTANCE.
Peer=202.103.23.2
ExtendedIPaccesslist
access-listpermitipanyany
Currentpeer:
AlwayscreateSAs
InterfacesusingcryptomapTunnel1-head-0:
r3#showcryptoipsecsa
Tunnel1-head-0,localaddr202.103.23.2
current_peer202.103.12.1port500
5,#pktsencrypt:
5,#pktsdigest:
10,#pktsdecrypt:
10,#pktsverify:
202.103.23.2,remotecryptoendpt.:
202.103.12.1
pathmtu1500,ipmtu1500,ipmtuidbSerial0/0
(4448516/3273)
(4448517/3272)
跑动态路由
routerospf1
router-id3.3.3.3
log-adjacency-changes
network10.10.3.00.0.0.255area0
network10.10.13.00.0.0.3area0
r1#showiprouteospf
10.0.0.0/8isvariablysubnetted,3subnets,3masks
O10.10.3.1/32[110/11112]via10.10.13.2,00:
01:
18,Tunnel1
r3#showiprouteospf
O10.10.1.1/32[110/11112]via10.10.13.1,00:
51,Tunnel1
r1#showipospfneighbor
NeighborIDPriStateDeadTimeAddressInterface
3.3.3.30FULL/-00:
00:
3710.10.13.2Tunnel1
r1#ping10.10.3.1source10.10.1.1
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto10.10.3.1,timeoutis2seconds:
Packetsentwithasourceaddressof10.10.1.1
Successrateis100percent(5/5),round-tripmin/avg/max=16/68/136ms
r1#ping10.10.3.1source10.10.13.1
Packetsentwithasourceaddressof10.10.13.1
Successrateis100percent(5/5),round-tripmin/avg/max=16/72/128ms
r1#ping10.10.3.1source202.103.12.1
Sending5,100-b
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 安全CCIE之路实验IPsec 静态vti 安全 CCIE 实验 IPsec 静态 vti