Applying ISAKMP Profiles

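An ISAKMP profile is a newer way of configuring IKE negotiation. Its main job is to map the phase 1 ISAKMP parameters to a phase 2 IPsec tunnel, which lets one device build separate tunnels to multiple sites. It also keeps different VPNs from interfering with one another and ties the phase 1 policy more closely to the phase 2 policy. ISAKMP profiles are widely used in EzVPN and VRF-aware IPsec VPN configurations.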

Site1:

crypto keyring ccie
 pre-shared-key address 61.128.1.1 key cisco
!
crypto isakmp policy 100
 encr 3des
 authentication pre-share
 group 2
crypto isakmp profile isaprof
  keyring ccie
  match identity address 61.128.1.1 255.255.255.255
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map ccie 10 ipsec-isakmp
 set peer 61.128.1.1
 set transform-set myset
 set isakmp-profile isaprof
 match address ***
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 202.100.1.1 255.255.255.0
 crypto map ccie
!
ip route 0.0.0.0 0.0.0.0 202.100.1.10
!
ip access-list extended ***
 permit ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255

Internet:

interface FastEthernet0/0
 ip address 202.100.1.10 255.255.255.0
!
interface FastEthernet0/1
 ip address 61.128.1.10 255.255.255.0
end

Site2:

crypto keyring ccie
 pre-shared-key address 202.100.1.1 key cisco
!
crypto isakmp policy 100
 encr 3des
 authentication pre-share
 group 2
crypto isakmp profile isaprof
  keyring ccie
  match identity address 202.100.1.1 255.255.255.255
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
!
crypto map ccie 10 ipsec-isakmp
 set peer 202.100.1.1
 set transform-set myset
 set isakmp-profile isaprof
 match address ***
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
 ip address 61.128.1.1 255.255.255.0
 crypto map ccie
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 61.128.1.10
!
ip access-list extended ***
 permit ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
!

Test:

Site1#ping 2.2.2.2 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/133/148 ms

Site1#show crypto ipsec sa
interface: FastEthernet0/0
  Crypto map tag: ccie, local addr 202.100.1.1
  protected vrf: (none)
  local  ident (addr/mask/prot/port): (1.1.1.0/255.255.255.0/0/0)
  remote ident (addr/mask/prot/port): (2.2.2.0/255.255.255.0/0/0)
  current_peer 61.128.1.1 port 500
   PERMIT, flags={origin_is_acl,}
  #pkts encaps: 9, #pkts encrypt: 9, #pkts digest: 9
  #pkts decaps: 9, #pkts decrypt: 9, #pkts verify: 9
  #pkts compressed: 0, #pkts decompressed: 0
  #pkts not compressed: 0, #pkts compr. failed: 0
  #pkts not decompressed: 0, #pkts decompress failed: 0
  #send errors 1, #recv errors 0
   local crypto endpt.: 202.100.1.1, remote crypto endpt.: 61.128.1.1
   path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
   current outbound spi: 0x96AB8F14(2527825684)
   inbound esp sas:
   spi: 0xF41D2511(4095550737)
    transform: esp-3des esp-sha-hmac ,
    in use settings ={Tunnel, }
    conn id: 1, flow_id: SW:1, crypto map: ccie
    sa timing: remaining key lifetime (k/sec): (4566332/2033)
    IV size: 8 bytes
    replay detection support: Y
    Status: ACTIVE
   inbound ah sas:
   inbound pcp sas:
   outbound esp sas:
   spi: 0x96AB8F14(2527825684)
    transform: esp-3des esp-sha-hmac ,
    in use settings ={Tunnel, }
    conn id: 2, flow_id: SW:2, crypto map: ccie
    sa timing: remaining key lifetime (k/sec): (4566332/2031)
    IV size: 8 bytes
    replay detection support: Y
    Status: ACTIVE
   outbound ah sas:
   outbound pcp sas:

Site1#show crypto session
Crypto session current status
Interface: FastEthernet0/0
Profile: isaprof
Session status: UP-ACTIVE
Peer: 61.128.1.1 port 500
 IKE SA: local 202.100.1.1/500 remote 61.128.1.1/500 Active
 IPSEC FLOW: permit ip 1.1.1.0/255.255.255.0 2.2.2.0/255.255.255.0
    Active SAs: 2, origin: crypto map
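
The binding these configurations depend on (crypto map peer -> ISAKMP profile `match identity` -> keyring pre-shared key) can be checked offline before a configuration is pushed to a router. The following Python check is an added example, not part of the original article; it reuses the Site1 keyring, profile and crypto map lines shown above, and the names `sections`, `nets`, `audit` and the `BROKEN` variant are constructed for illustration. It assumes peers are written as IPv4 addresses.

```python
import ipaddress

# Keyring, profile and crypto map lines of Site1, copied from this page.
SITE1 = """\
crypto keyring ccie
 pre-shared-key address 61.128.1.1 key cisco
crypto isakmp profile isaprof
  keyring ccie
  match identity address 61.128.1.1 255.255.255.255
crypto map ccie 10 ipsec-isakmp
 set peer 61.128.1.1
 set isakmp-profile isaprof
"""
# Constructed fault: the keyring entry names the wrong peer address.
BROKEN = SITE1.replace("address 61.128.1.1 key", "address 61.128.1.2 key")

def sections(cfg):
    """Group indented sub-commands under their top-level command line."""
    out, cur = {}, []
    for line in cfg.splitlines():
        if line.startswith(" "):
            cur.append(line.strip())
        elif line.strip() not in ("", "!"):
            cur = out.setdefault(line.strip(), [])
    return out

def nets(lines, prefix):
    """Networks in lines '<prefix>ADDR [MASK] ...'; a missing mask means a host."""
    toks = [l[len(prefix):].split() for l in lines if l.startswith(prefix)]
    return [ipaddress.ip_network(t[0] + "/" + (t[1] if t[1:] and t[1][0].isdigit()
            else "255.255.255.255"), strict=False) for t in toks]

def audit(cfg):
    """Check each crypto map peer against its ISAKMP profile and keyring."""
    sec, findings = sections(cfg), []
    maps = {h: b for h, b in sec.items() if h.startswith("crypto map ")}
    for head, body in maps.items():
        peers = [ipaddress.ip_address(l.split()[2]) for l in body if l.startswith("set peer ")]
        for prof in (l.split()[2] for l in body if l.startswith("set isakmp-profile ")):
            pbody = sec.get(f"crypto isakmp profile {prof}", [])
            matched = nets(pbody, "match identity address ")
            keyed = [n for l in pbody if l.startswith("keyring ") for n in
                     nets(sec.get(f"crypto keyring {l.split()[1]}", []), "pre-shared-key address ")]
            for p in peers:
                if not any(p in n for n in matched):
                    findings.append(f"{head}: peer {p} not matched by profile {prof}")
                if not any(p in n for n in keyed):
                    findings.append(f"{head}: no pre-shared key for {p} via profile {prof}")
    return findings
```

`audit(SITE1)` returns an empty list, while `audit(BROKEN)` reports that the keyring referenced by profile isaprof holds no key for peer 61.128.1.1.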
