ipsec vpn ios-vyos

LL1#show conf
LL1#show run           
LL1#show running-config 
Building configuration...


Current configuration : 1757 bytes
!
! Last configuration change at 07:23:45 UTC Thu Jun 2 2016
! NVRAM config last updated at 07:31:15 UTC Thu Jun 2 2016
! NVRAM config last updated at 07:31:15 UTC Thu Jun 2 2016
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): with password encryption off, every password in this file is
! stored and printed in the clear by "show running-config". Use "enable secret"
! for the privileged password and turn on "service password-encryption" so the
! line passwords are at least obfuscated in config dumps.
no service password-encryption
!
! LL1 is the Cisco side of the IPsec tunnel; its peer is the VyOS box LL4 (1.1.1.1).
hostname LL1
!
boot-start-marker
boot-end-marker
!
!
! Cleartext privileged-exec password (see the note above); "enable secret" stores a hash instead.
enable password both-win
!
! No AAA: the vty lines at the bottom authenticate with one shared line password.
no aaa new-model
!
memory-size iomem 15
!
no ipv6 cef
! Source-routed IP packets are accepted; "no ip source-route" is the usual hardening setting.
ip source-route
ip cef
!
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn FGL1808250K
!
!
!
redundancy
!
!
!
!

!         
! IKEv1 phase-1 policy and the only one this router offers. 3DES, MD5 and
! DH group 2 are all deprecated. The peer LL4 also offers aes128/sha1 as its
! second ike-group proposal, but since this is the sole policy here the SA
! settles on 3DES+MD5 ("show crypto engine connections active" confirms it).
! Move both ends to AES, SHA-2 (or at least SHA-1) and group 14 or higher.
crypto isakmp policy 10
 encr 3des
 hash md5
 ! Pre-shared-key authentication; the key itself is on the next top-level line.
 authentication pre-share
 group 2
 ! 86000 s matches LL4's "ike-group IKE-1W lifetime '86000'".
 lifetime 86000
! PSK for peer 1.1.1.1 (LL4). "cisco" is a trivial, guessable secret held in the
! clear; LL4 stores the same value in its "pre-shared-secret". Use a long random
! PSK, and consider type-6 key encryption ("key config-key password-encryption"
! plus "password encryption aes") so it does not appear in config dumps.
crypto isakmp key cisco address 1.1.1.1
!
!
! Phase-2 transform: the same deprecated 3DES/MD5 pair. An AES/SHA-2 transform
! (e.g. "esp-aes 256 esp-sha256-hmac", or esp-sha-hmac on older images) is the
! drop-in upgrade once LL4's esp-group is changed to match. LL1's own SA
! lifetime (4608000 KB/3600 s per "show crypto ipsec security-association")
! differs from LL4's esp-group lifetime of 1800 s; the SA output later on this
! page shows remaining times under 1000 s, consistent with the shorter value
! winning -- confirm, and align both ends explicitly.
crypto ipsec transform-set TRANS-SET esp-3des esp-md5-hmac 
!
! Static crypto map with a single entry for LL4. No "set pfs" is configured,
! yet "show crypto ipsec sa" reports "PFS (Y/N): Y, DH group: group2" --
! presumably accepted because the VyOS side proposes it. If PFS is a
! requirement, pin it here (e.g. "set pfs group14") rather than relying on
! whichever side initiates.
crypto map CRY_MAP 10 ipsec-isakmp 
 set peer 1.1.1.1
 set transform-set TRANS-SET 
 ! ACL "vpn" (defined below) selects the traffic to encrypt; it must mirror
 ! LL4's "tunnel 1 local prefix / remote prefix".
 match address vpn
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!         
! LAN side: the 192.168.11.0/24 network protected by the tunnel. The IOS 12.4
! "Router" on this page uses 192.168.11.1 as its default gateway.
interface GigabitEthernet0/0
 ip address 192.168.11.1 255.255.255.0
 duplex auto
 speed auto
!
! Outside interface. 3.3.3.2 is the address LL4 names in its site-to-site peer entry.
interface GigabitEthernet0/1
 ip address 3.3.3.2 255.255.255.0
 duplex auto
 speed auto
 ! Attaching the map makes this interface the IPsec endpoint. Only traffic
 ! matched by ACL "vpn" is encrypted; anything else leaves in the clear.
 crypto map CRY_MAP
!
ip forward-protocol nd
!
! HTTP/HTTPS management is off.
no ip http server
no ip http secure-server
!
! Default route toward LL2 (eth1 = 3.3.3.1); the peer 1.1.1.1 is reached through LL2/LL3.
ip route 0.0.0.0 0.0.0.0 3.3.3.1
!
! Crypto ACL: local 192.168.11.0/24 <-> remote 192.168.10.0/24, the mirror image
! of LL4's "tunnel 1 local prefix 192.168.10.0/24 / remote prefix 192.168.11.0/24".
! Any asymmetry here surfaces as a phase-2 mismatch, so change both ends together.
ip access-list extended vpn
 permit ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
!
!
!
!         
!
!
!
control-plane
!
!
!
line con 0
 ! "0 0" disables the console idle timeout; acceptable in a lab, not in production.
 exec-timeout 0 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 ! "all" admits every transport, telnet included, on this line as well.
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 ! Remote management: one shared cleartext password, no per-user accounts
 ! ("no aaa new-model"), and every transport accepted. "login local" with a
 ! username plus "transport input ssh" would limit access to SSH with
 ! individual credentials.
 password both-win
 login
 transport input all
!
scheduler allocate 20000 1000
end       


LL1#         


vyos@LL2:~$ show interfaces 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             -                                 u/D  
eth1             3.3.3.1/24                        u/u  
eth2             2.2.2.2/24                        u/u  
eth3             -                                 u/D  
eth4             -                                 u/D  
eth5             -                                 u/D  
lo               127.0.0.1/8                       u/u  
                 ::1/128
tun10            10.10.10.2/30                     u/u  
vyos@LL2:~$ 
vyos@LL2:~$ 
vyos@LL2:~$ show con
configuration   conntrack       conntrack-sync  
vyos@LL2:~$ show configuration commands  
set interfaces ethernet eth0 hw-id '00:7a:2e:89:f8:c8'
set interfaces ethernet eth1 address '3.3.3.1/24'
set interfaces ethernet eth1 hw-id '00:7a:2e:89:f8:c9'
set interfaces ethernet eth2 address '2.2.2.2/24'
set interfaces ethernet eth2 hw-id '00:7a:2e:89:f8:ca'
set interfaces ethernet eth3 hw-id '00:7a:2e:89:f8:cb'
set interfaces ethernet eth4 hw-id '00:7a:2e:89:f8:cc'
set interfaces ethernet eth5 hw-id '00:7a:2e:89:f8:cd'
set interfaces loopback 'lo'
set interfaces tunnel tun10 address '10.10.10.2/30'
set interfaces tunnel tun10 encapsulation 'gre'
set interfaces tunnel tun10 local-ip '2.2.2.2'
set interfaces tunnel tun10 multicast 'disable'
set interfaces tunnel tun10 remote-ip '2.2.2.1'
set protocols static route 1.1.1.0/24 next-hop '10.10.10.1'
set service ssh port '2707'
set system config-management commit-revisions '20'
set system conntrack expect-table-size '2048'
set system conntrack hash-size '131072'
set system conntrack modules 'ftp'
set system conntrack modules sip 'enable-indirect-media'
set system conntrack modules sip 'enable-indirect-signalling'
set system conntrack table-size '1048576'
set system conntrack tcp half-open-connections '512'
set system conntrack tcp loose 'enable'
set system conntrack tcp max-retrans '300'
set system conntrack timeout icmp '130'
set system conntrack timeout other '1024'
set system conntrack timeout tcp close '10'
set system conntrack timeout tcp close-wait '60'
set system conntrack timeout tcp established '800'
set system conntrack timeout tcp fin-wait '120'
set system conntrack timeout tcp last-ack '30'
set system conntrack timeout tcp syn-recv '60'
set system conntrack timeout tcp syn-sent '120'
set system conntrack timeout tcp time-wait '120'
set system console device ttyS0 speed '9600'
set system host-name 'LL2'
set system login user vyos authentication encrypted-password '$6$q.Q6qw2/cZGpm$g0/RwTKPUnXi0/EFDyWdRAGoQwlUoKBIbLKF0EOzgU9YPbd7YrlywF8Nk1.iOsj0sUEhhatyg47n6KvY65MuO1'
set system login user vyos authentication plaintext-password ''
set system login user vyos level 'admin'
set system ntp server '152.104.200.127'
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'Asia/Hong_Kong'
vyos@LL2:~$         


vyos@LL3:~$ show configuration commands 
set interfaces ethernet eth0 hw-id '00:30:11:20:a2:8c'
set interfaces ethernet eth1 address '1.1.1.2/24'
set interfaces ethernet eth1 hw-id '00:30:11:20:a2:8d'
set interfaces ethernet eth2 address '2.2.2.1/24'
set interfaces ethernet eth2 hw-id '00:30:11:20:a2:8e'
set interfaces ethernet eth3 hw-id '00:30:11:20:a2:8f'
set interfaces ethernet eth4 hw-id '00:30:11:20:a2:90'
set interfaces ethernet eth5 hw-id '00:30:11:20:a2:91'
set interfaces loopback 'lo'
set interfaces tunnel tun10 address '10.10.10.1/30'
set interfaces tunnel tun10 encapsulation 'gre'
set interfaces tunnel tun10 local-ip '2.2.2.1'
set interfaces tunnel tun10 multicast 'disable'
set interfaces tunnel tun10 remote-ip '2.2.2.2'
set protocols static route 3.3.3.0/24 next-hop '10.10.10.2'
set service ssh port '2707'
set service telnet port '2708'
set system config-management commit-revisions '20'
set system conntrack expect-table-size '2048'
set system conntrack hash-size '131072'
set system conntrack modules 'ftp'
set system conntrack modules sip 'enable-indirect-media'
set system conntrack modules sip 'enable-indirect-signalling'
set system conntrack table-size '1048576'
set system conntrack tcp half-open-connections '512'
set system conntrack tcp loose 'enable'
set system conntrack tcp max-retrans '300'
set system conntrack timeout icmp '130'
set system conntrack timeout other '1024'
set system conntrack timeout tcp close '10'
set system conntrack timeout tcp close-wait '60'
set system conntrack timeout tcp established '800'
set system conntrack timeout tcp fin-wait '120'
set system conntrack timeout tcp last-ack '30'
set system conntrack timeout tcp syn-recv '60'
set system conntrack timeout tcp syn-sent '120'
set system conntrack timeout tcp time-wait '120'
set system console device ttyS0 speed '9600'
set system host-name 'LL3'
set system login user vyos authentication encrypted-password '$6$q.Q6qw2/cZGpm$g0/RwTKPUnXi0/EFDyWdRAGoQwlUoKBIbLKF0EOzgU9YPbd7YrlywF8Nk1.iOsj0sUEhhatyg47n6KvY65MuO1'
set system login user vyos authentication plaintext-password ''
set system login user vyos level 'admin'
set system ntp server '152.104.200.127'
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'Asia/Hong_Kong'
vyos@LL3:~$ 


--------------------------------------------------------------------------------

vyos@LL4:~$ show vpn ipsec sa
Peer ID / IP                            Local ID / IP               
------------                            -------------
3.3.3.2                                 1.1.1.1                                


    Tunnel  State  Bytes Out/In   Encrypt  Hash    NAT-T  A-Time  L-Time  Proto
    ------  -----  -------------  -------  ----    -----  ------  ------  -----
    1       up     27.1K/27.1K    3des     md5     no     1132    1800    all


 
vyos@LL4:~$ 
vyos@LL4:~$ 
vyos@LL4:~$ show configuration commands  
set interfaces ethernet eth0 address '192.168.10.1/24'
set interfaces ethernet eth0 hw-id '00:90:27:ff:23:1f'
set interfaces ethernet eth1 address '1.1.1.1/24'
set interfaces ethernet eth1 hw-id '00:90:27:ff:23:20'
set interfaces ethernet eth2 hw-id '00:90:27:ff:23:21'
set interfaces ethernet eth3 hw-id '00:90:27:ff:23:22'
set interfaces ethernet eth4 hw-id '00:90:27:ff:23:23'
set interfaces ethernet eth5 hw-id '00:90:27:ff:23:24'
set interfaces loopback 'lo'
set protocols static route 0.0.0.0/0 next-hop '1.1.1.2'
set service ssh port '2707'
set system config-management commit-revisions '20'
set system conntrack expect-table-size '2048'
set system conntrack hash-size '131072'
set system conntrack modules 'ftp'
set system conntrack modules sip 'enable-indirect-media'
set system conntrack modules sip 'enable-indirect-signalling'
set system conntrack table-size '1048576'
set system conntrack tcp half-open-connections '512'
set system conntrack tcp loose 'enable'
set system conntrack tcp max-retrans '300'
set system conntrack timeout icmp '130'
set system conntrack timeout other '1024'
set system conntrack timeout tcp close '10'
set system conntrack timeout tcp close-wait '60'
set system conntrack timeout tcp established '800'
set system conntrack timeout tcp fin-wait '120'
set system conntrack timeout tcp last-ack '30'
set system conntrack timeout tcp syn-recv '60'
set system conntrack timeout tcp syn-sent '120'
set system conntrack timeout tcp time-wait '120'
set system console device ttyS0 speed '9600'
set system host-name 'LL4'
set system login user vyos authentication encrypted-password '$6$q.Q6qw2/cZGpm$g0/RwTKPUnXi0/EFDyWdRAGoQwlUoKBIbLKF0EOzgU9YPbd7YrlywF8Nk1.iOsj0sUEhhatyg47n6KvY65MuO1'
set system login user vyos authentication plaintext-password ''
set system login user vyos level 'admin'
set system ntp server '152.104.200.127'
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'Asia/Hong_Kong'
set vpn ipsec esp-group ESP-1W lifetime '1800'
set vpn ipsec esp-group ESP-1W proposal 1 encryption '3des'
set vpn ipsec esp-group ESP-1W proposal 1 hash 'md5'
set vpn ipsec esp-group ESP-1W proposal 2 encryption '3des'
set vpn ipsec esp-group ESP-1W proposal 2 hash 'md5'
set vpn ipsec ike-group IKE-1W lifetime '86000'
set vpn ipsec ike-group IKE-1W proposal 1 encryption '3des'
set vpn ipsec ike-group IKE-1W proposal 1 hash 'md5'
set vpn ipsec ike-group IKE-1W proposal 2 encryption 'aes128'
set vpn ipsec ike-group IKE-1W proposal 2 hash 'sha1'
set vpn ipsec ipsec-interfaces interface 'eth1'
set vpn ipsec site-to-site peer 3.3.3.2 authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer 3.3.3.2 authentication pre-shared-secret 'cisco'
set vpn ipsec site-to-site peer 3.3.3.2 default-esp-group 'ESP-1W'
set vpn ipsec site-to-site peer 3.3.3.2 ike-group 'IKE-1W'
set vpn ipsec site-to-site peer 3.3.3.2 local-address '1.1.1.1'
set vpn ipsec site-to-site peer 3.3.3.2 tunnel 1 local prefix '192.168.10.0/24'
set vpn ipsec site-to-site peer 3.3.3.2 tunnel 1 remote prefix '192.168.11.0/24'
vyos@LL4:~$               


Router#show running-config 
Building configuration...


Current configuration : 1181 bytes
!
! Last configuration change at 07:25:23 UTC Thu Jun 2 2016
! NVRAM config last updated at 07:31:03 UTC Thu Jun 2 2016
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): same cleartext-password pattern as LL1 -- "enable password" and
! the vty password below are visible to anyone who can read the config. Prefer
! "enable secret" and "service password-encryption".
no service password-encryption
!
! This "Router" is the 192.168.10.0/24 test host behind LL4; it terminates no crypto itself.
hostname Router
!
boot-start-marker
boot-end-marker
!
!
! Cleartext privileged-exec password.
enable password both-win
!
! No AAA; vty access relies on the shared line password.
no aaa new-model
!
memory-size iomem 15
!
no ipv6 cef
! Source-routed packets accepted; "no ip source-route" is the hardening default.
ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn FGL164824HH
license accept end user agreement
! securityk9 is enabled but unused in this topology: the IPsec work is done by LL1/LL4.
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
!
!
!
redundancy
!
!         
!
!

!
!
!
!
!
!
! LAN side behind LL4 (LL4 eth0 is 192.168.10.1); target of the "ping 192.168.10.2" tests on this page.
interface GigabitEthernet0/0
 ip address 192.168.10.2 255.255.255.0
 duplex auto
 speed auto
!
! Unused and administratively down.
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
! HTTP/HTTPS management is off.
no ip http server
no ip http secure-server
!
! Default route to LL4; traffic to 192.168.11.0/24 is encrypted by LL4/LL1
! transparently to this router.
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!
logging esm config
!
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 ! Shared cleartext vty password, no per-user accounts, all transports
 ! (telnet included) accepted. Prefer "login local" and "transport input ssh".
 password both-win
 login
 transport input all
!
scheduler allocate 20000 1000
end       


Router#    












Router#ping 192.168.11.2 repeat 100000


Type escape sequence to abort.
Sending 100000, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
LL1#
LL1#
LL1#
LL1#


Router#show configuration co
Router#show configuration co
                          ^
% Invalid input detected at '^' marker.


Router#sho run
Router#sho running-config 
Building configuration...


Current configuration : 1022 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! NOTE(review): cleartext passwords again ("enable password" and the vty
! password below). Prefer "enable secret" and "service password-encryption".
no service password-encryption
!
! This "Router" (IOS 12.4) is the 192.168.11.0/24 test host behind LL1.
hostname Router
!
boot-start-marker
boot-end-marker
!
! Cleartext privileged-exec password.
enable password both-win
!
! No AAA; vty access relies on the shared line password.
no aaa new-model
!
resource policy
!
memory-size iomem 15
!
!
ip cef
!         
!
!
!
!
!

!
!
!
!
! LAN side behind LL1 (LL1 Gi0/0 is 192.168.11.1); target of the "ping 192.168.11.2" tests on this page.
interface FastEthernet0
 ip address 192.168.11.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
! ISDN interface, administratively down.
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 no ip address
!
! Default route to LL1; the IPsec encryption toward 192.168.10.0/24 happens on LL1/LL4.
ip route 0.0.0.0 0.0.0.0 192.168.11.1
!         
!
! HTTP/HTTPS management is off.
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 ! No "transport input" line is shown, so the image default decides which
 ! remote protocols are accepted -- confirm, and pin "transport input ssh"
 ! once SSH is configured. The password is shared and stored in the clear.
 password both-win
 login
!
!
! Built-in WebVPN context, left out of service ("no inservice"); harmless as long as it stays disabled.
webvpn context Default_context
 ssl authenticate verify all
 !        
 no inservice
!
end


Router#     



LL1#
LL1#show crypto engine connections active 
Crypto Engine Connections


   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address
 1001  IKE     MD5+3DES                  0        0        0 3.3.3.2
 2001  IPsec   3DES+MD5                  0   103668   103668 3.3.3.2
 2002  IPsec   3DES+MD5             103667        0        0 3.3.3.2


LL1#
LL1#
LL1#




Router#ping 192.168.10.2       


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Router#ping 192.168.10.2 ?
  data      specify data pattern
  df-bit    enable do not fragment bit in IP header
  repeat    specify repeat count
  size      specify datagram size
  source    specify source address or name
  timeout   specify timeout interval
  validate  validate reply data
  <cr>


Router#ping 192.168.10.2 re
Router#ping 192.168.10.2 repeat ?
  <1-2147483647>  Repeat count


Router#ping 192.168.10.2 repeat 10000


Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Router#
Router#
Router#
Router#


Router#show  ip ro
Router#show  ip route 
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override


Gateway of last resort is 192.168.10.1 to network 0.0.0.0


S*    0.0.0.0/0 [1/0] via 192.168.10.1
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, GigabitEthernet0/0
L        192.168.10.2/32 is directly connected, GigabitEthernet0/0
Router#ping 192.168.11.2 re
Router#ping 192.168.11.2 repeat 100000


Type escape sequence to abort.
Sending 100000, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?
LL1#
LL1#
LL1#
LL1#
LL1#
LL1#
LL1#
LL1#show conf
LL1#show configuration co
LL1#show cr              
LL1#show crypto ipse
LL1#show crypto ipsec ?
  client                Show Client Status
  default               Default crypto transform sets
  policy                Show IPSEC client policies
  profile               Show ipsec profile information
  sa                    IPSEC SA table
  security-association  Show parameters for IPSec security associations
  spi-lookup            IPSEC SPI table
  transform-set         Crypto transform sets


LL1#show crypto ipsec se
LL1#show crypto ipsec security-association ?
  idle-time  Show this router's security association idletime settings
  lifetime   Show this router's security association lifetime settings


LL1#show crypto ipsec security-association 
Security association lifetime: 4608000 kilobytes/3600 seconds


LL1#show crypto ?                          
  call             Show crypto call admission info
  ctcp             cTCP connections
  datapath         Data Path
  debug-condition  Debug Condition filters
  dynamic-map      Crypto map templates
  eli              Encryption Layer Interface
  engine           Show crypto engine info
  gdoi             Show crypto gdoi
  ha               Crypto High Availability information
  identity         Show crypto identity list
  ikev2            Shows ikev2 info
  ipsec            Show IPSEC policy
  isakmp           Show ISAKMP
  key              Show long term public keys
  map              Crypto maps
  mib              Show Crypto-related MIB Parameters
  optional         Optional Encryption Status
  pki              Show PKI
  route            Show crypto VPN routes
  ruleset          Show crypto rules on outgoing packets
  session          Show crypto sessions (tunnels)
  sockets          Secure Socket Information
  tech-support     Displays relevant crypto information
          


LL1#show crypto ipsec sa


interface: GigabitEthernet0/1
    Crypto map tag: CRY_MAP, local addr 3.3.3.2


   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.11.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
   current_peer 1.1.1.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 41875, #pkts encrypt: 41875, #pkts digest: 41875
    #pkts decaps: 41875, #pkts decrypt: 41875, #pkts verify: 41875
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0


     local crypto endpt.: 3.3.3.2, remote crypto endpt.: 1.1.1.1
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/1
     current outbound spi: 0xC55103EF(3310420975)
     PFS (Y/N): Y, DH group: group2


     inbound esp sas:
      spi: 0x8D046D64(2365877604)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        conn id: 2001, flow_id: Onboard VPN:1, sibling_flags 80000046, crypto map: CRY_MAP
        sa timing: remaining key lifetime (k/sec): (4486813/962)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE


     inbound ah sas:


     inbound pcp sas:


     outbound esp sas:
      spi: 0xC55103EF(3310420975)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        conn id: 2002, flow_id: Onboard VPN:2, sibling_flags 80000046, crypto map: CRY_MAP
        sa timing: remaining key lifetime (k/sec): (4486813/962)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE


     outbound ah sas:


     outbound pcp sas:
LL1#     
LL1#
LL1#show crypto engine connections active 
Crypto Engine Connections


   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address
 1001  IKE     MD5+3DES                  0        0        0 3.3.3.2
 2001  IPsec   3DES+MD5                  0   103668   103668 3.3.3.2
 2002  IPsec   3DES+MD5             103667        0        0 3.3.3.2


LL1#
LL1#
LL1#
LL1#
LL1#show crypto ipsec sa 


interface: GigabitEthernet0/1
    Crypto map tag: CRY_MAP, local addr 3.3.3.2


   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.11.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
   current_peer 1.1.1.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 110337, #pkts encrypt: 110337, #pkts digest: 110337
    #pkts decaps: 110337, #pkts decrypt: 110337, #pkts verify: 110337
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0


     local crypto endpt.: 3.3.3.2, remote crypto endpt.: 1.1.1.1
     path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/1
     current outbound spi: 0xC55103EF(3310420975)
     PFS (Y/N): Y, DH group: group2


     inbound esp sas:
      spi: 0x8D046D64(2365877604)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        conn id: 2001, flow_id: Onboard VPN:1, sibling_flags 80000046, crypto map: CRY_MAP
        sa timing: remaining key lifetime (k/sec): (4476650/857)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE


     inbound ah sas:


     inbound pcp sas:


     outbound esp sas:
      spi: 0xC55103EF(3310420975)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
        conn id: 2002, flow_id: Onboard VPN:2, sibling_flags 80000046, crypto map: CRY_MAP
        sa timing: remaining key lifetime (k/sec): (4476650/857)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE


     outbound ah sas:
          
     outbound pcp sas:
LL1#
LL1#
LL1#
LL1#


L1#
LL1#
LL1#show crypto engine connections active 
Crypto Engine Connections


   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address
 1001  IKE     MD5+3DES                  0        0        0 3.3.3.2
 2001  IPsec   3DES+MD5                  0   110337   110337 3.3.3.2
 2002  IPsec   3DES+MD5             110337        0        0 3.3.3.2
 2003  IPsec   3DES+MD5                  0        0        0 3.3.3.2
 2004  IPsec   3DES+MD5                  0        0        0 3.3.3.2


LL1#
LL1#
LL1#
LL1#show crypto engine connections active 
Crypto Engine Connections


   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address
 1001  IKE     MD5+3DES                  0        0        0 3.3.3.2
 2001  IPsec   3DES+MD5                  0   110337   110337 3.3.3.2
 2002  IPsec   3DES+MD5             110337        0        0 3.3.3.2
 2003  IPsec   3DES+MD5                  0        0        0 3.3.3.2
 2004  IPsec   3DES+MD5                  0        0        0 3.3.3.2


LL1#
LL1#show crypto engine connections active 
Crypto Engine Connections


   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address
 1001  IKE     MD5+3DES                  0        0        0 3.3.3.2
 2001  IPsec   3DES+MD5                  0   110337   110337 3.3.3.2
 2002  IPsec   3DES+MD5             110337        0        0 3.3.3.2
 2003  IPsec   3DES+MD5                  0        0        0 3.3.3.2
 2004  IPsec   3DES+MD5                  0        0        0 3.3.3.2


LL1#
LL1#
LL1#show crypto engine connections active 
Crypto Engine Connections


   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address
 1001  IKE     MD5+3DES                  0        0        0 3.3.3.2
 2001  IPsec   3DES+MD5                  0   110337   110337 3.3.3.2
 2002  IPsec   3DES+MD5             110337        0        0 3.3.3.2
 2003  IPsec   3DES+MD5                  0        0        0 3.3.3.2
 2004  IPsec   3DES+MD5                  0        0        0 3.3.3.2


LL1#
LL1#
LL1#show crypto engine connections active 
Crypto Engine Connections


   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address
 1001  IKE     MD5+3DES                  0        0        0 3.3.3.2
 2001  IPsec   3DES+MD5                  0   110337   110337 3.3.3.2
 2002  IPsec   3DES+MD5             110337        0        0 3.3.3.2
 2003  IPsec   3DES+MD5                  0        0        0 3.3.3.2
 2004  IPsec   3DES+MD5                  0        0        0 3.3.3.2


LL1#show crypto engine connections active 
Crypto Engine Connections


   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address
 1001  IKE     MD5+3DES                  0        0        0 3.3.3.2
 2001  IPsec   3DES+MD5                  0   110337   110337 3.3.3.2
 2002  IPsec   3DES+MD5             110337        0        0 3.3.3.2
 2003  IPsec   3DES+MD5                  0        0        0 3.3.3.2
 2004  IPsec   3DES+MD5                  0        0        0 3.3.3.2


LL1#show crypto engine connections active 
Crypto Engine Connections


   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address
 1001  IKE     MD5+3DES                  0        0        0 3.3.3.2
 2001  IPsec   3DES+MD5                  0   110337   110337 3.3.3.2
 2002  IPsec   3DES+MD5             110337        0        0 3.3.3.2
 2003  IPsec   3DES+MD5                  0        0        0 3.3.3.2
 2004  IPsec   3DES+MD5                  0        0        0 3.3.3.2


LL1#
LL1#show crypto engine connections active 
Crypto Engine Connections


   ID  Type    Algorithm           Encrypt  Decrypt LastSeqN IP-Address
 1001  IKE     MD5+3DES                  0        0        0 3.3.3.2
 2001  IPsec   3DES+MD5                  0   110337   110337 3.3.3.2
 2002  IPsec   3DES+MD5             110337        0        0 3.3.3.2
 2003  IPsec   3DES+MD5                  0        0        0 3.3.3.2
 2004  IPsec   3DES+MD5                  0        0        0 3.3.3.2


LL1#


bothwin@LL4:~$ 
bothwin@LL4:~$ show ipsec


  Invalid command: show [ipsec]
      
bothwin@LL4:~$ show vpn   
Possible completions:
  debug         Show VPN debugging information
  ike           Show Internet Key Exchange (IKE) information
  ipsec         Show Internet Protocol Security (IPsec) information
  remote-access Show active remote access Virtual Private Network (VPN) sessions


      
bothwin@LL4:~$ show vpn ipsec 
Possible completions:
  policy        Show the in-kernel crypto policies
  sa            Show all active IPsec Security Associations (SA)
  state         Show the in-kernel crypto state
  status        Show status of IPsec process


      
bothwin@LL4:~$ show vpn ipsec sa 
Peer ID / IP                            Local ID / IP               
------------                            -------------
3.3.3.2                                 1.1.1.1                                


    Tunnel  State  Bytes Out/In   Encrypt  Hash    NAT-T  A-Time  L-Time  Proto
    ------  -----  -------------  -------  ----    -----  ------  ------  -----
    1       up     0.0/0.0        3des     md5     no     1085    1800    all


 
bothwin@LL4:~$ 
bothwin@LL4:~$ 
bothwin@LL4:~$ show vpn ipsec st 
state   status  
bothwin@LL4:~$ show vpn ipsec state 
src 1.1.1.1 dst 3.3.3.2
        proto esp spi 0xa3842687 reqid 16384 mode tunnel
        replay-window 32 flag af-unspec
        auth-trunc hmac(md5) 0xfe8a5f895412ab530ba27cc339ea2133 96
        enc cbc(des3_ede) 0x63ff541ae4c908646dfeada0574064c09fbffbab18fba67d
src 3.3.3.2 dst 1.1.1.1
        proto esp spi 0xc5923735 reqid 16384 mode tunnel
        replay-window 32 flag af-unspec
        auth-trunc hmac(md5) 0x261405ee51e6abe867ae56c31d6b0cba 96
        enc cbc(des3_ede) 0xa145d36496a116f5f731ae18e3b15f28d39ff2923673f322
src 1.1.1.1 dst 3.3.3.2
        proto esp spi 0x8d046d64 reqid 16384 mode tunnel
        replay-window 32 flag af-unspec
        auth-trunc hmac(md5) 0xeb7725e129fbea33294a97b1233cf853 96
        enc cbc(des3_ede) 0xf8c3086840f55a6ea44bdba0096bd1e59c07a1aa8c8ac460
src 3.3.3.2 dst 1.1.1.1
        proto esp spi 0xc55103ef reqid 16384 mode tunnel
        replay-window 32 flag af-unspec
        auth-trunc hmac(md5) 0x94845a658ea3fa059e1a48db79931f76 96
        enc cbc(des3_ede) 0x7e00bbbd49d9a0c1ba69b55e96c81117beb7f008acc84be0
bothwin@LL4:~$ show vpn ipsec       
Possible completions:
  policy        Show the in-kernel crypto policies
  sa            Show all active IPsec Security Associations (SA)
  state         Show the in-kernel crypto state
  status        Show status of IPsec process


      
bothwin@LL4:~$ show vpn ipsec status 
IPSec Process Running PID: 5160


1 Active IPsec Tunnels


IPsec Interfaces :
        eth1    (1.1.1.1)
bothwin@LL4:~$ 
bothwin@LL4:~$ show vpn ipsec        
Possible completions:
  policy        Show the in-kernel crypto policies
  sa            Show all active IPsec Security Associations (SA)
  state         Show the in-kernel crypto state
  status        Show status of IPsec process


      
bothwin@LL4:~$ show vpn ipsec policy 
Possible completions:
  <Enter>       Execute the current command


      
bothwin@LL4:~$ show vpn ipsec policy 
src 192.168.10.0/24 dst 192.168.11.0/24 
        dir out priority 1859 ptype main 
        tmpl src 1.1.1.1 dst 3.3.3.2
                proto esp reqid 16384 mode tunnel
src 192.168.11.0/24 dst 192.168.10.0/24 
        dir fwd priority 1859 ptype main 
        tmpl src 3.3.3.2 dst 1.1.1.1
                proto esp reqid 16384 mode tunnel
src 192.168.11.0/24 dst 192.168.10.0/24 
        dir in priority 1859 ptype main 
        tmpl src 3.3.3.2 dst 1.1.1.1
                proto esp reqid 16384 mode tunnel
src ::/0 dst ::/0 
        socket out priority 0 ptype main 
src ::/0 dst ::/0 
        socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket in priority 0 ptype main 
src ::/0 dst ::/0 
        socket in priority 0 ptype main 
src ::/0 dst ::/0 
        socket out priority 0 ptype main 
src ::/0 dst ::/0 
        socket in priority 0 ptype main 
src ::/0 dst ::/0 
        socket out priority 0 ptype main 
src ::/0 dst ::/0 
        socket in priority 0 ptype main 
src ::/0 dst ::/0 
        socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket out priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket in priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
        socket out priority 0 ptype main 
bothwin@LL4:~$  
bothwin@LL4:~$
