收藏
下载资源

ipsecvpn配置实例.doc

上传人:ni****g 文档编号:561545599 上传时间:2022-11-28 格式:DOC 页数:9 大小:27.26KB
返回 下载 相关 举报
ipsecvpn配置实例.doc_第1页
第1页 / 共9页
ipsecvpn配置实例.doc_第2页
第2页 / 共9页
ipsecvpn配置实例.doc_第3页
第3页 / 共9页
ipsecvpn配置实例.doc_第4页
第4页 / 共9页
ipsecvpn配置实例.doc_第5页
第5页 / 共9页
点击查看更多>>
资源描述

《ipsecvpn配置实例.doc》由会员分享,可在线阅读,更多相关《ipsecvpn配置实例.doc(9页珍藏版)》请在金锄头文库上搜索。

1、实验目的使用简单的配置完成IPsecVPN的实现。实验拓扑配置要点R1:crypto isakmp policy 10hash md5authentication pre-sharecrypto isakmp key cisco address 23.1.1.3 255.255.255.0crypto ipsec transform-set ccie esp-des esp-md5-hmaccrypto map VPN 10 ipsec-isakmpset peer 23.1.1.3set transform-set cciematch address 100interface Serial1

2、/1ip address 12.1.1.1 255.255.255.0serial restart-delay 0crypto map VPNR3:crypto isakmp policy 10hash md5authentication pre-sharecrypto isakmp key cisco address 12.1.1.1 255.255.255.0crypto ipsec transform-set cisco esp-des esp-md5-hmaccrypto map VPN 10 ipsec-isakmpset peer 12.1.1.1set transform-set

3、 ciscomatch address 100interface Serial1/0ip address 23.1.1.3 255.255.255.0serial restart-delay 0crypto map VPN实验验证R3上开启debug,查看交互信息:R1#ping 3.3.3.3 source 1.1.1.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:Packet sent with a source address of 1.1.1.

4、1.!Success rate is 80 percent (4/5), round-trip min/avg/max = 16/57/164 msR3#*Jul 27 20:03:31.910: ISAKMP (0:0): received packet from 12.1.1.1 dport 500 sport 500 Global (N) NEW SA*Jul 27 20:03:31.914: ISAKMP: Created a peer struct for 12.1.1.1, peer port 500*Jul 27 20:03:31.914: ISAKMP: New peer cr

5、eated peer = 0x65B5BB30 peer_handle = 0x80000005*Jul 27 20:03:31.918: ISAKMP: Locking peer struct 0x65B5BB30, refcount 1 for crypto_isakmp_process_block*Jul 27 20:03:31.922: ISAKMP: local port 500, remote port 500*Jul 27 20:03:31.926: insert sa successfully sa = 65B77620*Jul 27 20:03:31.930: ISAKMP:

6、(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH*Jul 27 20:03:31.930: ISAKMP:(0):Old State = IKE_READY New State = IKE_R_MM1IKE第一阶段,第一个包交换*Jul 27 20:03:31.946: ISAKMP:(0): processing SA payload. message ID = 0*Jul 27 20:03:31.950: ISAKMP:(0): processing vendor id payload*Jul 27 20:03:31.950: ISAKMP:(0):

7、vendor ID seems Unity/DPD but major 245 mismatch*Jul 27 20:03:31.962: ISAKMP:(0):found peer pre-shared key matching 12.1.1.1*Jul 27 20:03:31.962: ISAKMP:(0): local preshared key found*Jul 27 20:03:31.962: ISAKMP : Scanning profiles for xauth .*Jul 27 20:03:31.962: ISAKMP:(0):Checking ISAKMP transfor

8、m 1 against priority 10 policy*Jul 27 20:03:31.966: ISAKMP: encryption DES-CBC*Jul 27 20:03:31.966: ISAKMP: hash MD5*Jul 27 20:03:31.966: ISAKMP: default group 1*Jul 27 20:03:31.966: ISAKMP: auth pre-share*Jul 27 20:03:31.966: ISAKMP: life type in seconds*Jul 27 20:03:31.966: ISAKMP: life duration (

9、VPI) of 0x0 0x1 0x51 0x80*Jul 27 20:03:31.966: ISAKMP:(0):atts are acceptable. Next payload is 0*Jul 27 20:03:31.970: ISAKMP:(0): processing vendor id payload*Jul 27 20:03:31.970: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch*Jul 27 20:03:31.970: ISAKMP:(0):Input = IKE_MESG_INTERNAL,

10、IKE_PROCESS_MAIN_MODE*Jul 27 20:03:31.970: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM1*Jul 27 20:03:31.974: ISAKMP:(0): sending packet to 12.1.1.1 my_port 500 peer_port 500 (R) MM_SA_SETUP发协包到对方PEER13.1.1.3 源端口:500 目标端口:500*Jul 27 20:03:31.974: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PR

11、OCESS_COMPLETE*Jul 27 20:03:31.978: ISAKMP:(0):Old State = IKE_R_MM1 New State = IKE_R_MM2*Jul 27 20:03:32.026: ISAKMP (0:0): received packet from 12.1.1.1 dport 500 sport 500 Global (R) MM_SA_SETUP*Jul 27 20:03:32.026: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH*Jul 27 20:03:32.026: ISAKMP:(

12、0):Old State = IKE_R_MM2 New State = IKE_R_MM3*Jul 27 20:03:32.026: ISAKMP:(0): processing KE payload. message ID = 0*Jul 27 20:03:32.054: ISAKMP:(0): processing NONCE payload. message ID = 0*Jul 27 20:03:32.058: ISAKMP:(0):found peer pre-shared key matching 12.1.1.1*Jul 27 20:03:32.058: ISAKMP:(100

13、2): processing vendor id payload*Jul 27 20:03:32.062: ISAKMP:(1002): vendor ID is Unity*Jul 27 20:03:32.062: ISAKMP:(1002): processing vendor id payload*Jul 27 20:03:32.062: ISAKMP:(1002): vendor ID is DPD*Jul 27 20:03:32.062: ISAKMP:(1002): processing vendor id payload*Jul 27 20:03:32.062: ISAKMP:(

14、1002): speaking to another IOS box!*Jul 27 20:03:32.062: ISAKMP:(1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE*Jul 27 20:03:32.062: ISAKMP:(1002):Old State = IKE_R_MM3 New State = IKE_R_MM3*Jul 27 20:03:32.066: ISAKMP:(1002): sending packet to 12.1.1.1 my_port 500 peer_port 500 (R) MM_KEY_E

15、XCH*Jul 27 20:03:32.066: ISAKMP:(1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE*Jul 27 20:03:32.066: ISAKMP:(1002):Old State = IKE_R_MM3 New State = IKE_R_MM4*Jul 27 20:03:32.122: ISAKMP (0:1002): received packet from 12.1.1.1 dport 500 sport 500 Global (R) MM_KEY_EXCH*Jul 27 20:03:32.122: ISAKMP:(1002):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH*Jul 27 20:03:32.122: ISAKMP:(1002):Old State = IKE_R_MM4 New State = IKE_R_MM5*Jul 27 20:03:32.122: ISAKMP:(1002): processing ID payload. message ID = 0*Jul 27 20:03:32.122: ISAKMP (0:1002): ID payl

展开阅读全文
相关资源
相关搜索

当前位置:首页 > 生活休闲 > 社会民生

电脑版 |金锄头文库版权所有
经营许可证:蜀ICP备13022795号 | 川公网安备 51140202000112号