Application of IPv6 in Campus Networks - IP Security Analysis, Page 9
ip relay address 101.1.1.1
dhcp select relay
ipsec policy torouter1
#
interface Ethernet0/1
ip address 102.2.2.254 255.255.255.0
ip relay address 101.1.1.1
dhcp select relay
#
interface Serial1/1
link-protocol ppp
ip address 11.1.1.2 255.255.255.252
#
acl number 3001
rule 0 permit ip source 102.2.2.0 0.0.0.255 destination 103.3.3.0 0.0.0.255
#
ip route-static 103.3.3.254 24 104.4.4.1
ip route-static 0.0.0.0 0 11.1.1.1
From the configuration files, you can see that the security proposal uses tunnel as the encapsulation mode, ESP as the security protocol, 3DES as the encryption algorithm and SHA1 as the authentication algorithm. We apply the IPsec policy “torouter3” on router1’s Ethernet interface 3/0 and the IPsec policy “torouter1” on router3’s Ethernet interface 0/0. We have separately created one access control list on each of the two routers.
5.3 Testing and analysing IPsec
After configuring the platform, we do not yet know whether it works. There are several ways to test it. The first is to use commands on the routers to display the running configuration and debugging information. The second is for a user on the third subnet to capture packets on the communication links and analyse them.
1. The first way to test IPsec
We can view the running state information of router1 and router3.
On router1, we can see the IPsec policy, proposal, etc.
router1's IPsec policy
router1's IPsec proposal
router1's IPsec SA
router1's ipsec statistics
router1's acl 30001
On router3, we can see the IPsec policy, proposal, etc.
router3's IPsec policy
router3's IPsec proposal 1
router3's IPsec statistics
router3's acl 3001
router3's IPsec SA
According to the IPsec SAs on router1 and router3, the SPI of router1’s ESP outbound SA is the same as the SPI of router3’s ESP inbound SA (the value is 36318600), and the SPI of router3’s ESP outbound SA is the same as the SPI of router1’s ESP inbound SA (the value is 1044517337). The SPIs are created and dropped dynamically, through router1 and router3 negotiating them based on the pre-shared key.
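The second test method described above, capturing packets on the link and analysing them, can be sketched as a short script. This is an added example, not part of the original paper: it classifies raw IPv4 packets against the two SPI values quoted above and flags traffic between the ACL's subnets that travels outside ESP. The peer address 10.0.0.1 and the sample packets are constructed, because router1's tunnel address is not shown on this page.

```python
import ipaddress
import struct

ROUTER3 = ipaddress.ip_address("11.1.1.2")   # router3 Serial1/1, from the config above
SPI_TO_ROUTER3 = 36318600                     # router3 inbound ESP SA (router1 outbound)
SPI_FROM_ROUTER3 = 1044517337                 # router3 outbound ESP SA (router1 inbound)
# Subnets named in acl 3001; the reverse direction is assumed to be protected too.
NET_A = ipaddress.ip_network("102.2.2.0/24")
NET_B = ipaddress.ip_network("103.3.3.0/24")

def classify(packet: bytes) -> str:
    """Classify one raw IPv4 packet captured on the path between the routers."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    if packet[9] == 50:                       # IP protocol 50 = ESP
        if len(packet) < ihl + 8:
            return "malformed"
        spi, _seq = struct.unpack("!II", packet[ihl:ihl + 8])
        if dst == ROUTER3:
            return "esp-ok" if spi == SPI_TO_ROUTER3 else "esp-unknown-spi"
        if src == ROUTER3:
            return "esp-ok" if spi == SPI_FROM_ROUTER3 else "esp-unknown-spi"
        return "esp-other-peer"
    # Inner addresses visible outside ESP means the policy did not match this flow.
    if (src in NET_A and dst in NET_B) or (src in NET_B and dst in NET_A):
        return "cleartext-leak"
    return "other"

def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

PEER = "10.0.0.1"  # placeholder for router1's tunnel address, which this page does not show
SAMPLE = [         # constructed packets, not taken from the original capture
    ipv4(PEER, "11.1.1.2", 50, struct.pack("!II", 36318600, 1) + b"\x00" * 16),
    ipv4("11.1.1.2", PEER, 50, struct.pack("!II", 1044517337, 1) + b"\x00" * 16),
    ipv4(PEER, "11.1.1.2", 50, struct.pack("!II", 12345, 7) + b"\x00" * 16),
    ipv4("102.2.2.10", "103.3.3.10", 1, b"\x08\x00" + b"\x00" * 6),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(classify(pkt))
```

Because the SPIs are negotiated dynamically, the two SPI constants have to be refreshed from the routers' current SA display before checking a new capture.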