Application of IPv6 in Campus Networks: IP Security Analysis, Page 9

ip relay address 101.1.1.1
dhcp select relay
ipsec policy torouter1
#
interface Ethernet0/1
ip address 102.2.2.254 255.255.255.0
ip relay address 101.1.1.1
dhcp select relay
#
interface Serial1/1
link-protocol ppp
ip address 11.1.1.2 255.255.255.252
#
acl number 3001
 rule 0 permit ip source 102.2.2.0 0.0.0.255 destination 103.3.3.0 0.0.0.255
#
ip route-static 103.3.3.254 24 104.4.4.1
ip route-static 0.0.0.0 0 11.1.1.1
From the configuration files, you can see that in the security proposal we chose tunnel as the encapsulation mode, ESP as the security protocol, 3DES as the encryption algorithm and SHA1 as the authentication algorithm; we applied the IPsec policy “torouter3” on router1’s Ethernet interface 3/0 and the IPsec policy “torouter1” on router3’s Ethernet interface 0/0. We separately created an access control list on each of the two routers.
5.3 Testing and analyzing IPsec
After configuring the platform, we do not yet know whether it works. There are several ways to test this. The first is to use commands on the routers to display the running configuration and debugging information. The second is for a user on the third subnet to capture the packets on the communication links and analyze them.
1.  The first way to test IPsec
We can view the running state information of router1 and router3.
On router1, we can see the IPsec policy, proposal, etc.
[Figure: router1's IPsec policy]
[Figure: router1's IPsec proposal]
[Figure: router1's IPsec SA]
[Figure: router1's IPsec statistics]
[Figure: router1's acl 30001]
On router3, we can see the IPsec policy, proposal, etc.
[Figure: router3's IPsec policy]
[Figure: router3's IPsec proposal 1]
[Figure: router3's IPsec statistics]
[Figure: router3's acl 3001]
[Figure: router3's IPsec SA]
According to the IPsec SA configuration of router1 and router3, the SPI of router1’s ESP outbound SA is the same as the SPI of router3’s ESP inbound SA (the value is 36318600), and the SPI of router3’s ESP outbound SA is the same as the SPI of router1’s ESP inbound SA (the value is 1044517337). The SPI is created and discarded dynamically, as router1 and router3 negotiate the SPI based on the pre-shared key.
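The second test method, capturing packets on the link and analyzing them, can be checked against these SPI values. The following Python sketch is an added example, not part of the original paper: it reads the SPI from each captured ESP header and flags unencrypted traffic between the two subnets named in ACL 3001. The SPI values and subnets come from the page; the tunnel endpoint addresses 192.0.2.1 and 192.0.2.2, the function names and the sample packets are assumptions constructed for the example.

```python
import ipaddress
import struct

ESP = 50  # IP protocol number of ESP
# SPI values the page reports for the two ESP SAs, keyed to their direction.
SA_BY_SPI = {
    36318600: "router1->router3",    # router1 outbound == router3 inbound
    1044517337: "router3->router1",  # router3 outbound == router1 inbound
}
# Subnets matched by ACL 3001: traffic between them must be inside the tunnel.
NET_A = ipaddress.ip_network("102.2.2.0/24")
NET_B = ipaddress.ip_network("103.3.3.0/24")


def classify(packet: bytes) -> str:
    """Classify one IPv4 packet captured on the link between the routers."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    if packet[9] == ESP:
        if len(packet) < ihl + 8:
            return "truncated-esp"
        spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])  # SPI, then sequence number
        return f"esp {SA_BY_SPI.get(spi, 'unknown-sa')} spi={spi} seq={seq}"
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    # Unencrypted traffic between the protected subnets: policy not applied.
    if (src in NET_A and dst in NET_B) or (src in NET_B and dst in NET_A):
        return "cleartext-leak"
    return "other"


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet as constructed test input (checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload


# Constructed capture; 192.0.2.1 and 192.0.2.2 are assumed tunnel endpoints.
CAPTURE = [
    ipv4("192.0.2.1", "192.0.2.2", ESP, struct.pack("!II", 36318600, 1) + bytes(32)),
    ipv4("192.0.2.2", "192.0.2.1", ESP, struct.pack("!II", 1044517337, 7) + bytes(32)),
    ipv4("102.2.2.10", "103.3.3.10", 1, b"\x08\x00" + bytes(6)),  # cleartext ICMP
]

if __name__ == "__main__":
    print("\n".join(classify(p) for p in CAPTURE))
```

A capture taken while the tunnel is working should contain only the two known SPIs on ESP packets and no "cleartext-leak" result; an "unknown-sa" result after a renegotiation means the SPI table needs refreshing from the routers' current SA display.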

Copyright © 2007-2012 www.chuibin.com 六维论文网. All rights reserved.