tunnel destination 1.1.1.2 — bosh ofis marshrutizatorining tashqi manzili
tunnel mode ipsec ipv4 — shifrlash turi
tunnel protection ipsec profile VTI_PROF — shifrlash usuli
agar barcha uchta qadam to’g’ri bajarilsa, interfeys holati up/down holatidan
up/up holaidga o’tadi. Quyidagi buyruqlar orqali ko’rish mumkin.
R-MAIN#
sh inter tun 1
Tunnel1 is
up
, line protocol is
up
4-qadam. VPN tunnel ishini tekshirish
Tunneling ishchanligini ping utilitasi orqali tekshiramiz. Masalan, bosh
ofisdan:
R-MAIN#
ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5)
, round-trip min/avg/max = 16/17/20 ms
sh cry ips sa peer 2.2.2.2 buyrug’I bilan paketlarning himoyalangan tunnel
orqali o’tayotganligiga ishonch hosil qilamiz.
R-MAIN#
sh cry ips sa peer 2.2.2.2
interface: Tunnel1
Crypto map tag: Tunnel1-head-0, local addr 2.2.2.2
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer 2.2.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps:5, #pkts encrypt: 5, #pkts digest: 5
#pkts decaps: 5, #pkts decrypt: 5, #pkts verify: 5
Oxirgi ikki satr shuni ko’rsatadiki, marshrutizator 5 ta xabarni shifrladi va
yubordi va shuncha qabul qilib deshifrladi. Qandaydir paket bizning
marshrutizatorlarimiz tunneli orqali o’tsa bu hisoblagichlar har safar ishlaydi.
Do'stlaringiz bilan baham: |
