NBMA網絡　Dynamic IPsec ***

R1-sever#show run

ip domain name sina.com

username sunzhixiong password 0 cisco

crypto isakmp policy 10

hash md5

authentication pre-share

group 2

lifetime 3600

crypto isakmp key ilovetg2008 address 172.16.10.0 255.255.255.0

crypto ipsec transform-set sun1 ah-md5-hmac esp-des esp-md5-hmac comp-lzs

crypto dynamic-map sun1 10

set security-association lifetime kilobytes 102400

set transform-set sun1

set pfs group2

match address ***

crypto map sun 10 ipsec-isakmp dynamic sun1

interface Loopback1

ip address 1.1.1.1 255.255.255.0

interface Serial1/0

ip address 172.16.10.1 255.255.255.0

encapsulation frame-relay

serial restart-delay 0

crypto map sun

router ospf 1

router-id 1.1.1.1

log-adjacency-changes

network 1.1.1.1 0.0.0.0 area 0

network 172.16.10.1 0.0.0.0 area 0

neighbor 172.16.10.3

neighbor 172.16.10.2

ip access-list extended ***

permit tcp host 1.1.1.1 host 2.2.2.2

permit tcp host 1.1.1.1 host 3.3.3.3

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

transport input telnet ssh

end

FR_SW1#show run

frame-relay switching

interface Tunnel0

no ip address

tunnel source FastEthernet0/0

tunnel destination 100.1.1.3

interface FastEthernet0/0

ip address 100.1.1.2 255.255.255.0

duplex auto

speed auto

interface Serial1/0

no ip address

encapsulation frame-relay

serial restart-delay 0

clock rate 64000

frame-relay lmi-type cisco

frame-relay intf-type dce

frame-relay route 102 interface Serial1/2 201

frame-relay route 103 interface Tunnel0 130

interface Serial1/2

no ip address

encapsulation frame-relay

serial restart-delay 0

clock rate 64000

frame-relay lmi-type cisco

frame-relay intf-type dce

frame-relay route 201 interface Serial1/0 102

End

FR_SW2#show run

frame-relay switching

interface Tunnel0

no ip address

tunnel source FastEthernet0/0

tunnel destination 100.1.1.2

interface FastEthernet0/0

ip address 100.1.1.3 255.255.255.0

duplex auto

speed auto

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

interface Serial1/3

no ip address

encapsulation frame-relay

serial restart-delay 0

clock rate 64000

frame-relay lmi-type cisco

frame-relay intf-type dce

frame-relay route 301 interface Tunnel0 130

End

client2#show run

crypto isakmp policy 10

hash md5

authentication pre-share

group 2

lifetime 3600

crypto isakmp key ilovetg2008 address 172.16.10.0 255.255.255.0

crypto ipsec security-association lifetime kilobytes 102400

crypto ipsec transform-set sun2 ah-md5-hmac esp-des esp-md5-hmac comp-lzs

crypto map sun2 10 ipsec-isakmp

set peer 172.16.10.1

set transform-set sun2

set pfs group2

match address ***

interface Loopback2

ip address 2.2.2.2 255.255.255.0

interface Serial1/2

ip address 172.16.10.2 255.255.255.0

encapsulation frame-relay

ip ospf priority 0

serial restart-delay 0

frame-relay lmi-type cisco

crypto map sun2

router ospf 1

router-id 2.2.2.2

log-adjacency-changes

network 2.2.2.0 0.0.0.255 area 0

network 172.16.10.2 0.0.0.0 area 0

ip access-list extended ***

permit tcp host 2.2.2.2 host 1.1.1.1

client3#show run

ip ssh source-interface Loopback3

crypto isakmp policy 10

hash md5

authentication pre-share

group 2

lifetime 3600

crypto isakmp key ilovetg2008 address 172.16.10.1

crypto ipsec security-association lifetime kilobytes 102400

crypto ipsec transform-set sun3 ah-md5-hmac esp-des esp-md5-hmac comp-lzs

crypto map sun3 10 ipsec-isakmp

set peer 172.16.10.1

set transform-set sun3

set pfs group2

match address ***

interface Loopback3

ip address 3.3.3.3 255.255.255.0

interface Serial1/3

ip address 172.16.10.3 255.255.255.0

encapsulation frame-relay

ip ospf priority 0

serial restart-delay 0

frame-relay lmi-type cisco

crypto map sun3

router ospf 1

router-id 3.3.3.3

log-adjacency-changes

network 3.3.3.3 0.0.0.0 area 0

network 172.16.10.3 0.0.0.0 area 0

ip access-list extended ***

permit tcp host 3.3.3.3 host 1.1.1.1

R1-sever#show crypto isakmp sa

dst src state conn-id slot status

172.16.10.1 172.16.10.3 QM_IDLE 1 0 ACTIVE

172.16.10.1 172.16.10.2 QM_IDLE 2 0 ACTIVE

R1-sever#show crypto ipsec sa

interface: Serial1/0

Crypto map tag: sun, local addr 172.16.10.1

protected vrf: (none)

local ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/6/0)

remote ident (addr/mask/prot/port): (2.2.2.2/255.255.255.255/6/0)

current_peer 172.16.10.2 port 500

PERMIT, flags={}

#pkts encaps: 15, #pkts encrypt: 15, #pkts digest: 15

#pkts decaps: 16, #pkts decrypt: 16, #pkts verify: 16

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 15, #pkts compr. failed: 0

#pkts not decompressed: 16, #pkts decompress failed: 0

#send errors 0, #recv errors 0

local crypto endpt.: 172.16.10.1, remote crypto endpt.: 172.16.10.2

path mtu 1500, ip mtu 1500, ip mtu idb Serial1/0

current outbound spi: 0x5B7079B3(1534097843)

protected vrf: (none)

local ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/6/0)

remote ident (addr/mask/prot/port): (3.3.3.3/255.255.255.255/6/0)

current_peer 172.16.10.3 port 500

PERMIT, flags={}

#pkts encaps: 17, #pkts encrypt: 17, #pkts digest: 17

#pkts decaps: 16, #pkts decrypt: 16, #pkts verify: 16

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 17, #pkts compr. failed: 0

#pkts not decompressed: 16, #pkts decompress failed: 0

#send errors 0, #recv errors 0

local crypto endpt.: 172.16.10.1, remote crypto endpt.: 172.16.10.3

path mtu 1500, ip mtu 1500, ip mtu idb Serial1/0

current outbound spi: 0x9D287D8D(2636676493)

client2#show crypto isakmp sa

dst src state conn-id slot status

172.16.10.1 172.16.10.2 QM_IDLE 1 0 ACTIVE

client2#show crypto ipsec sa

interface: Serial1/2

Crypto map tag: sun2, local addr 172.16.10.2

protected vrf: (none)

local ident (addr/mask/prot/port): (2.2.2.2/255.255.255.255/6/0)

remote ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/6/0)

current_peer 172.16.10.1 port 500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 16, #pkts encrypt: 16, #pkts digest: 16

#pkts decaps: 15, #pkts decrypt: 15, #pkts verify: 15

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 16, #pkts compr. failed: 0

#pkts not decompressed: 15, #pkts decompress failed: 0

#send errors 2, #recv errors 0

local crypto endpt.: 172.16.10.2, remote crypto endpt.: 172.16.10.1

path mtu 1500, ip mtu 1500, ip mtu idb Serial1/2

current outbound spi: 0xE3FF8E06(3825176070)

client3#show crypto isakmp sa

dst src state conn-id slot status

172.16.10.1 172.16.10.3 QM_IDLE 1 0 ACTIVE

client3#show crypto ipsec sa

interface: Serial1/3

Crypto map tag: sun3, local addr 172.16.10.3

protected vrf: (none)

local ident (addr/mask/prot/port): (3.3.3.3/255.255.255.255/6/0)

remote ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/6/0)

current_peer 172.16.10.1 port 500

PERMIT, flags={origin_is_acl,}

#pkts encaps: 16, #pkts encrypt: 16, #pkts digest: 16

#pkts decaps: 17, #pkts decrypt: 17, #pkts verify: 17

#pkts compressed: 0, #pkts decompressed: 0

#pkts not compressed: 16, #pkts compr. failed: 0

#pkts not decompressed: 17, #pkts decompress failed: 0

#send errors 2, #recv errors 0

local crypto endpt.: 172.16.10.3, remote crypto endpt.: 172.16.10.1

path mtu 1500, ip mtu 1500, ip mtu idb Serial1/3

current outbound spi: 0xA8BB7A1(176928673)

NBMA網絡　Dynamic IPsec ***

如何使用 JS 判斷用戶是否處於活躍狀態

通過HPA+CronHPA組合應對業務複雜彈性伸縮場景

我的友情鏈接

爲什麼需要VLAN

常規VLAN與擴展VLAN

NBMA網絡　Dynamic IPsec ***

ipsec-over-gre-over-multicast

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結

NBMA網絡 Dynamic IPsec ***

NBMA網絡　Dynamic IPsec ***