Site-to-site using rsa-encrypted

2008-02-23 04:54:49 Source: Internet


Goal: site-to-site IPsec VPN between R1 (172.25.1.0/24) and R4 Lo (172.25.2.0/24), with the ISAKMP peers authenticated by RSA-encrypted nonces (rsa-encr)

hostname r1

! R4's RSA public key, pasted by hand. rsa-encr authentication needs the
! peer's public key in the local pubkey chain before IKE can complete.
crypto key pubkey-chain rsa
 addressed-key 10.1.1.1
  address 10.1.1.1
  key-string
   305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C3167F C00AA729
   4D772DC8 017CACE2 A4A524D8 CEA19ED5 53DE98C2 092B75FE 2437ABE0 86B5577F
   B5CF417E 5736A996 1320328E ADF1E0C2 F77AF269 DD263B90 23020301 0001
  quit
!

! Only the authentication method is set in this ISAKMP policy.
crypto isakmp policy 1
 authentication rsa-encr
no crypto isakmp ccm
!
!
crypto ipsec transform-set vpnn esp-3des esp-sha-hmac
!
crypto map vpn-map 10 ipsec-isakmp
 set peer 10.1.1.1
 set transform-set vpnn
 match address 100
!
interface Loopback0
 ip address 172.25.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.0
 speed 100
 full-duplex
 crypto map vpn-map

ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
! Traffic to protect: R1 network to R4 network
access-list 100 permit ip 172.25.1.0 0.0.0.255 172.25.2.0 0.0.0.255
--------------------------------------------------------------------------------
r1#ping 172.25.2.1 sour 172.25.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.25.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.25.1.1
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 96/125/160 ms
r1#ping 172.25.2.1 sour 172.25.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.25.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.25.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/237/656 ms
r1#
r1#
r1#sh cry ips sa

interface: FastEthernet0/0
Crypto map tag: vpn-map, local addr 10.1.1.2

protected vrf: (none)
local ident (addr/mask/prot/port): (172.25.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (172.25.2.0/255.255.255.0/0/0)
current_peer 10.1.1.1 port 500
PERMIT, flags={origin_is_acl,ipsec_sa_request_sent}
#pkts encaps: 8, #pkts encrypt: 8, #pkts digest: 8
#pkts decaps: 8, #pkts decrypt: 8, #pkts verify: 8
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 2, #recv errors 0

local crypto endpt.: 10.1.1.2, remote crypto endpt.: 10.1.1.1
path mtu 1500, ip mtu 1500
current outbound spi: 0x58964BA2(1486244770)

inbound esp sas:
spi: 0x45397004(1161392132)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: SW:2, crypto map: vpn-map
sa timing: remaining key lifetime (k/sec): (4503023/3584)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE

inbound ah sas:

inbound pcp sas:

outbound esp sas:
spi: 0x58964BA2(1486244770)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: SW:1, crypto map: vpn-map
sa timing: remaining key lifetime (k/sec): (4503023/3582)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE

outbound ah sas:

outbound pcp sas:
r1#sh cry ?
  ca               Show certification authority policy
  call             Show crypto call admission info
  debug-condition  Debug Condition filters
  dynamic-map      Crypto map templates
  engine           Show crypto engine info
  identity         Show crypto identity list
  ipsec            Show IPSEC policy
  isakmp           Show ISAKMP
  key              Show long term public keys
  map              Crypto maps
  mib              Show Crypto-related MIB Parameters
  optional         Optional Encryption Status
  pki              Show PKI
  session          Show crypto sessions (tunnels)
  sockets          Secure Socket Information

-----------------------------------------------------------------------------

r1#sh cry key mypub rsa
% Key pair was generated at: 17:52:46 beijing Mar 1 2002
Key name: r1.r1.com
Usage: General Purpose Key
Key is not exportable.
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C049D7 5C19AD08
3A2C9B25 5B7C833E A8B8AF56 D0CCC094 1EB970E2 BE10304E EB62D485 EAD398AA
12F620B1 B6169977 5A62998B C2E6A4FB 217E0D7D 7D167891 B1020301 0001
% Key pair was generated at: 17:52:47 beijing Mar 1 2002
Key name: r1.r1.com.server
Usage: Encryption Key
Key is not exportable.
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00B50AFE 89E973FA
B35FB463 9CDA8E4A 553140C7 FB3DCECE 91AE1CB4 9EF53A6D BAA08E5C FDCD629A
AE4F1AA9 A90CDEC2 8C0541D4 D6842577 F1941238 1F757EC3 A6461486 125DEFCB
21451309 59762CC6 ACEB1B96 327FDC5C B0829FB2 2CE02AF7 E7020301 0001

---------------------------------------------------------------
---------------------------------------------------------------

hostname r4

ip domain name r4.com

crypto key pubkey-chain rsa
 addressed-key 10.1.1.2
  address 10.1.1.2
  key-string
   305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C049D7 5C19AD08
   3A2C9B25 5B7C833E A8B8AF56 D0CCC094 1EB970E2 BE10304E EB62D485 EAD398AA
   12F620B1 B6169977 5A62998B C2E6A4FB 217E0D7D 7D167891 B1020301 0001
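
RSA-encrypted nonce authentication depends on each router holding the correct public key of its peer, so the pasted key-string is worth checking offline. The following is an added example, not part of the original page: it decodes the hex shown by `sh cry key mypub rsa` and under `key-string` as a DER SubjectPublicKeyInfo, reports the modulus size, and compares r1's General Purpose key with the entry r4 holds for 10.1.1.2. `MIN_BITS` and the function names are assumptions of this example.

```python
import hashlib

RSA_OID = bytes.fromhex("2A864886F70D010101")  # rsaEncryption, 1.2.840.113549.1.1.1
MIN_BITS = 2048  # assumption: size floor picked for this example

# Copied from the page: r1's General Purpose key and r4's entry for 10.1.1.2.
R1_KEY_DATA = """
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C049D7 5C19AD08
3A2C9B25 5B7C833E A8B8AF56 D0CCC094 1EB970E2 BE10304E EB62D485 EAD398AA
12F620B1 B6169977 5A62998B C2E6A4FB 217E0D7D 7D167891 B1020301 0001"""
R4_PEER_KEY_STRING = """
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C049D7 5C19AD08
3A2C9B25 5B7C833E A8B8AF56 D0CCC094 1EB970E2 BE10304E EB62D485 EAD398AA
12F620B1 B6169977 5A62998B C2E6A4FB 217E0D7D 7D167891 B1020301 0001"""

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#04x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("key data is truncated (missing line in the paste?)")
    return buf[pos:pos + length], pos + length

def parse_ios_rsa_key(text):
    """Decode IOS key hex (DER SubjectPublicKeyInfo) into size, exponent, digest."""
    der = bytes.fromhex("".join(text.split()))
    spki, _ = _tlv(der, 0, 0x30)
    alg, after_alg = _tlv(spki, 0, 0x30)
    if _tlv(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA public key")
    bit_string, _ = _tlv(spki, after_alg, 0x03)
    rsa_seq, _ = _tlv(bit_string[1:], 0, 0x30)  # skip the unused-bits octet
    n_raw, after_n = _tlv(rsa_seq, 0, 0x02)
    e_raw, _ = _tlv(rsa_seq, after_n, 0x02)
    bits = int.from_bytes(n_raw, "big").bit_length()
    return {"bits": bits, "exponent": int.from_bytes(e_raw, "big"),
            "sha256": hashlib.sha256(der).hexdigest(), "below_floor": bits < MIN_BITS}

def same_key(a, b):
    """True when two hex dumps encode the same key, whatever the whitespace."""
    return parse_ios_rsa_key(a)["sha256"] == parse_ios_rsa_key(b)["sha256"]

if __name__ == "__main__":
    print(parse_ios_rsa_key(R1_KEY_DATA))
    print("r4 holds r1's key:", same_key(R1_KEY_DATA, R4_PEER_KEY_STRING))
```

Run against the page's values, it reports a 512-bit modulus with exponent 65537 for r1's key, below the floor assumed here, and confirms that r4's entry for 10.1.1.2 is that same key.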
