Tunnel-less VPN (Group Encrypted Transport)

Date: May 6, 2007



hostname r1
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 123.1.1.2
crypto isakmp key cisco address 123.1.1.3
!
!
crypto ipsec transform-set test esp-aes esp-sha-hmac
!
crypto ipsec profile profile1
 set transform-set test
!
crypto gdoi group tcy
 identity number 8879576
 server local
  rekey retransmit 10 number 2
  sa ipsec 10
   profile profile1
   match address ipv4 100
   replay counter window-size 64
!
!
crypto map tcy 10 gdoi
 set group tcy

interface Loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 123.1.1.1 255.255.255.0
 crypto map tcy
!
router ospf 1
 network 10.1.1.0 0.0.0.255 area 10
 network 123.1.1.0 0.0.0.255 area 10

access-list 100 permit ip 20.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255
access-list 100 permit ip 30.1.1.0 0.0.0.255 20.1.1.0 0.0.0.255
----------------------------------------------------------------------
hostname r2

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 123.1.1.1
crypto isakmp key cisco address 123.1.1.3
!
!
crypto ipsec transform-set test esp-aes esp-sha-hmac
crypto gdoi group tcy
 identity number 8879576
 server address ipv4 123.1.1.1
!
!
crypto map test 10 gdoi
 set group tcy
!

interface Loopback0
 ip address 20.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 123.1.1.2 255.255.255.0
 crypto map test
!
router ospf 1
 network 20.1.1.0 0.0.0.255 area 10
 network 123.1.1.0 0.0.0.255 area 10
-------------------------------------------------------------------
hostname r3

crypto isakmp policy 10
 authentication pre-share
crypto isakmp key cisco address 123.1.1.1
crypto isakmp key cisco address 123.1.1.2
!
!
crypto ipsec transform-set test esp-aes esp-sha-hmac
crypto gdoi group tcy
 identity number 8879576
 server address ipv4 123.1.1.1
!
!
crypto map test 10 gdoi
 set group tcy

interface Loopback0
 ip address 30.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 123.1.1.3 255.255.255.0
 crypto map test
!
router ospf 1
 network 30.1.1.0 0.0.0.255 area 10
 network 123.1.1.0 0.0.0.255 area 10
!
-------------------------------------------------------------------
r1#sh cry gdoi ks
Total group members registered to this box: 2

Key Server Information For Group tcy:
Group Name : tcy
Group Identity : 8879576
Group Members : 2
IPSec SA Direction : Both
ACL Configured:
access-list 100
-------------------------------------------------------------------
r1#sh cry gdoi
Group Information

Group Name : tcy
Group Identity : 8879576
Group Members : 2
IPSec SA Direction : Both
Active Group Server : Local
Group Rekey Lifetime : 86400 secs
Rekey Retransmit Period : 10 secs
Rekey Retransmit Attempts: 2

IPSec SA Number : 10
IPSec SA Rekey Lifetime: 3600 secs
Profile Name : profile1
Replay method : Count Based
Replay Window Size : 64
SA Rekey
Remaining Lifetime : 2676 secs
ACL Configured : access-list 100

Group Server list : Local
-------------------------------------------------------------------
r2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

20.0.0.0/24 is subnetted, 1 subnets
C 20.1.1.0 is directly connected, Loopback0
10.0.0.0/32 is subnetted, 1 subnets
O 10.1.1.1 [110/2] via 123.1.1.1, 00:07:03, FastEthernet0/0
123.0.0.0/24 is subnetted, 1 subnets
C 123.1.1.0 is directly connected, FastEthernet0/0
30.0.0.0/32 is subnetted, 1 subnets
O 30.1.1.1 [110/2] via 123.1.1.3, 00:07:03, FastEthernet0/0
------------------------------------------------------------------
r2#sh cry gdoi gm
Group Member Information For Group tcy:
IPSec SA Direction : Inbound Optional
ACL Received From KS : gdoi_group_tcy_temp_acl
Re-register
Remaining time : 2576 secs

------------------------------------------------------------------
r2#sh cry gdoi ipsec sa

SA created for group tcy:
FastEthernet0/0:
protocol = ip
local ident = 20.1.1.0/24, port = 0
remote ident = 30.1.1.0/24, port = 0
direction: Both, replay: Disabled
protocol = ip
local ident = 30.1.1.0/24, port = 0
remote ident = 20.1.1.0/24, port = 0
direction: Both, replay: Disabled

-------------------------------------------------------------------
r2#sh cry ips sa

interface: FastEthernet0/0
Crypto map tag: test, local addr 123.1.1.2

protected vrf: (none)
local ident (addr/mask/prot/port): (30.1.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
current_peer port 848
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 123.1.1.2, remote crypto endpt.:
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x3E14DDF4(1041554932)

inbound esp sas:
spi: 0x3E14DDF4(1041554932)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 7, flow_id: 7, crypto map: test
sa timing: remaining key lifetime (k/sec): (4450547/2630)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x3E14DDF4(1041554932)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 8, flow_id: 8, crypto map: test
sa timing: remaining key lifetime (k/sec): (4450547/2629)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (30.1.1.0/255.255.255.0/0/0)
current_peer port 848
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 123.1.1.2, remote crypto endpt.:
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x3E14DDF4(1041554932)

inbound esp sas:
spi: 0x3E14DDF4(1041554932)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 5, flow_id: 5, crypto map: test
sa timing: remaining key lifetime (k/sec): (4532355/2629)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x3E14DDF4(1041554932)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 6, flow_id: 6, crypto map: test
sa timing: remaining key lifetime (k/sec): (4532355/2628)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

outbound ah sas:

outbound pcp sas:
-------------------------------------------------------------------------
r2#sh cry map
Crypto Map "test" 10 gdoi
Group Name: tcy
identity number 8879576
server address ipv4 123.1.1.1
Interfaces using crypto map test:
FastEthernet0/0
-------------------------------------------------------------------------
r2#p ip
Target IP address: 30.1.1.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 20.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 20.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 412/629/840 ms

------------------------------------------------------------------------
r2#sh cry ips sa

interface: FastEthernet0/0
Crypto map tag: test, local addr 123.1.1.2

protected vrf: (none)
local ident (addr/mask/prot/port): (30.1.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
current_peer port 848
PERMIT, flags={origin_is_acl,}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 123.1.1.2, remote crypto endpt.:
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x3E14DDF4(1041554932)

inbound esp sas:
spi: 0x3E14DDF4(1041554932)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 7, flow_id: 7, crypto map: test
sa timing: remaining key lifetime (k/sec): (4450547/2608)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x3E14DDF4(1041554932)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 8, flow_id: 8, crypto map: test
sa timing: remaining key lifetime (k/sec): (4450547/2593)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

outbound ah sas:

outbound pcp sas:

protected vrf: (none)
local ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (30.1.1.0/255.255.255.0/0/0)
current_peer port 848
PERMIT, flags={origin_is_acl,}
#pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5
#pkts decaps: 5, #pkts decrypt: 5, #pkts verify: 5
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0

local crypto endpt.: 123.1.1.2, remote crypto endpt.:
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x3E14DDF4(1041554932)

inbound esp sas:
spi: 0x3E14DDF4(1041554932)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 5, flow_id: 5, crypto map: test
sa timing: remaining key lifetime (k/sec): (4532354/2592)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x3E14DDF4(1041554932)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 6, flow_id: 6, crypto map: test
sa timing: remaining key lifetime (k/sec): (4532354/2588)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE

outbound ah sas:

outbound pcp sas:
-----------------------------------------------------------------------
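Because OSPF already carries the 20.1.1.x and 30.1.1.x routes, the ping above succeeds whether or not the group SA is applied; only the encaps/decaps counters show that the traffic was actually encrypted. The script below is an added example (not part of the original article) that parses two "show crypto ipsec sa" snapshots and reports the per-flow counter change. The function names and the trimmed sample text are assumptions constructed from the r2 output format shown above.

```python
import re

IDENT = re.compile(r"^\s*(local|remote)\s+ident \(addr/mask/prot/port\): \((\S+?)/(\S+?)/\d+/\d+\)")
COUNT = re.compile(r"#pkts (encaps|decaps): (\d+)")

def parse_flows(text):
    """Map (local_net, remote_net) -> {'encaps': n, 'decaps': n}."""
    flows, ident, key = {}, {}, None
    for line in text.splitlines():
        m = IDENT.match(line)
        if m:
            ident[m.group(1)] = f"{m.group(2)}/{m.group(3)}"
            if m.group(1) == "remote":  # the remote line completes one flow header
                key = (ident.get("local"), ident["remote"])
                flows[key] = {"encaps": 0, "decaps": 0}
            continue
        for name, val in COUNT.findall(line):
            if key is not None:
                flows[key][name] = int(val)
    return flows

def counter_deltas(before, after):
    """Per-flow change in encaps/decaps between two snapshots."""
    old, new = parse_flows(before), parse_flows(after)
    zero = {"encaps": 0, "decaps": 0}
    return {k: {c: v[c] - old.get(k, zero)[c] for c in v} for k, v in new.items()}

def idle_flows(before, after):
    """Flows whose crypto counters did not move: nothing was encrypted on them."""
    deltas = counter_deltas(before, after)
    return [k for k, d in deltas.items() if d["encaps"] == 0 and d["decaps"] == 0]

def sample(enc, dec):
    # Constructed sample, trimmed to the lines the parser needs.
    return f"""interface: FastEthernet0/0
Crypto map tag: test, local addr 123.1.1.2
local ident (addr/mask/prot/port): (30.1.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
local ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (30.1.1.0/255.255.255.0/0/0)
#pkts encaps: {enc}, #pkts encrypt: {enc}, #pkts digest: {enc}
#pkts decaps: {dec}, #pkts decrypt: {dec}, #pkts verify: {dec}
"""

if __name__ == "__main__":
    for flow, delta in counter_deltas(sample(0, 0), sample(5, 5)).items():
        print(flow, delta)
```

A flow returned by idle_flows after test traffic was sent across it means the packets left the interface without being matched by the downloaded ACL.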
========================================================================
r3(config)#int fa0/0
r3(config-if)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

20.0.0.0/32 is subnetted, 1 subnets
O 20.1.1.1 [110/2] via 123.1.1.2, 00:01:25, FastEthernet0/0
10.0.0.0/32 is subnetted, 1 subnets
O 10.1.1.1 [110/2] via 123.1.1.1, 00:01:26, FastEthernet0/0
123.0.0.0/24 is subnetted, 1 subnets
C 123.1.1.0 is directly connected, FastEthernet0/0
30.0.0.0/24 is subnetted, 1 subnets
C 30.1.1.0 is directly connected, Loopback0
------------------------------------------------------------------------
r3(config-if)#do sh cry map
Crypto Map "test" 10 gdoi
Group Name: tcy
identity number 8879576
server address ipv4 123.1.1.1
Interfaces using crypto map test:
FastEthernet0/0
-----------------------------------------------------------------------
