Professional Documents
Culture Documents
0 Router(config-if)#no shut Router(config)#router rip Router(config-router)#network 192.168.10.0 Router(config-router)#network 10.0.0.0 Router(config)#crypto isakmp policy 10 Router(config-isakmp)#authentication pre-share Router(config-isakmp)#hash sha Router(config-isakmp)#encryption aes 256 Router(config-isakmp)#group 2 Router(config-isakmp)#lifetime 86400 Router(config)#crypto isakmp key toor address 10.0.0.2 Router(config)#crypto ipsec transform-set TSET esp-aes esp-sha-hmac Router(config)#access-list 101 permit ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255 Router(config)#crypto map CMAP 10 ipsec-isakmp Router(config-crypto-map)#set peer 10.0.0.2 Router(config-crypto-map)#match address 101 Router(config-crypto-map)#set transform-set TSET Router(config)#int f0/1 Router(config-if)#crypto map CMAP Router(config-if)#do wr
Router(config)#int f0/1 Router(config-if)#ip address 10.0.0.2 255.0.0.0 Router(config-if)#no shut Router(config)#router rip Router(config-router)#network 192.168.20.0 Router(config-router)#network 10.0.0.0 Router(config-router)#version 2 Router(config)#crypto isakmp policy 10 Router(config-isakmp)#authentication pre-share Router(config-isakmp)#hash sha Router(config-isakmp)#encryption aes 256 Router(config-isakmp)#group 2 Router(config-isakmp)#lifetime 86400 Router(config)#crypto isakmp key toor address 10.0.0.1 Router(config)#crypto ipsecc transform-set TSET esp-aes esp-sha-hmac Router(config)#access-list 101 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255 Router(config)#crypto map CMAP 10 ipsec-isakmp Router(config-crypto-map)#set peer 10.0.0.1 Router(config-crypto-map)#match address 101 Router(config-crypto-map)#set transform-set TSET Router(config)#int f0/1 Router(config-if)#crypto map CMAP Router(config-if)#do wr Router A Router#show crypto isakmp sa IPv4 Crypto ISAKMP SA dst 10.0.0.2 src state conn-id slot status 1027 0 ACTIVE
10.0.0.1
QM_IDLE
protected vrf: (none) local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (192.168.20.0/255.255.255.0/0/0) current_peer 10.0.0.2 port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 2, #pkts encrypt: 2, #pkts digest: 0 #pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 0, #recv errors 0
local crypto endpt.: 10.0.0.1, remote crypto endpt.:10.0.0.2 path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1 current outbound spi: 0x01E40974(31721844)
inbound esp sas: spi: 0x1E216472(505504882) transform: esp-aes esp-sha-hmac , in use settings ={Tunnel, } conn id: 2002, flow_id: FPGA:1, crypto map: CMAP sa timing: remaining key lifetime (k/sec): (4525504/3467) IV size: 16 bytes replay detection support: N Status: ACTIVE
inbound ah sas:
outbound esp sas: spi: 0x01E40974(31721844) transform: esp-aes esp-sha-hmac , in use settings ={Tunnel, } conn id: 2003, flow_id: FPGA:1, crypto map: CMAP sa timing: remaining key lifetime (k/sec): (4525504/3467) IV size: 16 bytes replay detection support: N Status: ACTIVE
Router B Router#show crypto isakmp sa IPv4 Crypto ISAKMP SA dst 10.0.0.1 src state conn-id slot status 1098 0 ACTIVE
10.0.0.2
QM_IDLE
protected vrf: (none) local ident (addr/mask/prot/port): (192.168.20.0/255.255.255.0/0/0) remote ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0) current_peer 10.0.0.1 port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 4, #pkts encrypt: 4, #pkts digest: 0 #pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 1, #recv errors 0
local crypto endpt.: 10.0.0.2, remote crypto endpt.:10.0.0.1 path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/1 current outbound spi: 0x1E216472(505504882)
inbound esp sas: spi: 0x01E40974(31721844) transform: esp-aes esp-sha-hmac , in use settings ={Tunnel, } conn id: 2002, flow_id: FPGA:1, crypto map: CMAP sa timing: remaining key lifetime (k/sec): (4525504/3186) IV size: 16 bytes replay detection support: N Status: ACTIVE
inbound ah sas:
outbound esp sas: spi: 0x1E216472(505504882) transform: esp-aes esp-sha-hmac , in use settings ={Tunnel, } conn id: 2003, flow_id: FPGA:1, crypto map: CMAP sa timing: remaining key lifetime (k/sec): (4525504/3186) IV size: 16 bytes replay detection support: N
Status: ACTIVE