PIX 6.3 site-to-site with Router 12.2T using …
2008-02-23 04:53:30来源:互联网 阅读 ()
pix-boris(config)# sh cry ips sainterface: outside
Crypto map tag: test, local addr. 172.29.6.8
local ident (addr/mask/prot/port): (10.1.8.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.1.108.0/255.255.255.0/0/0)
current_peer: 172.29.6.108:500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 4, #pkts encrypt: 4, #pkts digest 4
#pkts decaps: 4, #pkts decrypt: 4, #pkts verify 4
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 172.29.6.8, remote crypto endpt.: 172.29.6.108
path mtu 1500, ipsec overhead 56, media mtu 1500
current outbound spi: 12370c13
inbound esp sas:
spi: 0x7b8c1e7e(2072780414)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 4, crypto map: test
sa timing: remaining key lifetime (k/sec): (4607999/3534)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x12370c13(305597459)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 3, crypto map: test
sa timing: remaining key lifetime (k/sec): (4607999/3534)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
pix-boris(config)# wr t
Building configuration...
: Saved
:
PIX Version 6.3(3)
interface ethernet0 100basetx
interface ethernet1 100full
interface ethernet2 auto shutdown
interface ethernet3 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
nameif ethernet3 intf3 security6
enable password 2KFQnbNIdI.2KYOU encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pix-boris
domain-name boris.com
clock timezone EST -5
clock summer-time EST recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 100 permit ip 10.1.8.0 255.255.255.0 10.1.108.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu intf2 1500
mtu intf3 1500
ip address outside 172.29.6.8 255.255.255.0
ip address inside 10.1.8.1 255.255.255.0
no ip address intf2
no ip address intf3
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address intf2
no failover ip address intf3
pdm history enable
arp timeout 14400
nat (inside) 0 access-list 100
route outside 0.0.0.0 0.0.0.0 172.29.6.254 1
route outside 10.1.108.0 255.255.255.0 172.29.6.108 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS protocol tacacs
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto map test 20 ipsec-isakmp
crypto map test 20 match address 100
crypto map test 20 set peer 172.29.6.108
crypto map test 20 set transform-set myset
crypto map test interface outside
isakmp enable outside
isakmp key ******** address 172.29.6.108 netmask 255.255.255.255
isakmp policy 20 authentication rsa-sig
isakmp policy 20 encryption des
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 36000
ca identity test 172.29.1.43:/certsrv/mscep/mscep.dll
ca configure test ra 1 3
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:87df89e402af0b5156db6fe113320a87
: end
[OK]
pix-boris(config)#
pix-boris(config)# sh cry ca myp rsa
% Key pair was generated at: 14:01:33 EST Jun 5 2005
Key name: pix-boris.boris.com
Usage: General Purpose Key
Key Data:
305c300d 06092a86 4886f70d 01010105 00034b00 30480241 00ac804e cb49d328
c751b2e7 e77582df 0baf8bca 4690d616 95f9712b fbd90de3 83b3d757 b93df64d
86151b62 cb2c8a44 2716a629 edebf611 3b60ee48 bd87867b e1020301 0001
pix-boris(config)# sh cry ca cert
Certificate
Status: Available
Certificate Serial Number: 013899e4000000000011
Key Usage: General Purpose
Subject Name:
CN = pix-boris.boris.com
UNSTRUCTURED NAME = pix-boris.boris.com
Validity Date:
start date: 15:09:33 EST Jun 5 2005
end date: 15:19:33 EST Jun 5 2006
标签:
版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有
相关文章
IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设
网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源
网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它
服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护
软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷
网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash
热门词条
最新资讯
热门关注
热门标签