I configured an IPsec tunnel between 2 routers in Packet Tracer,
following THIS tutorial.
It all went fine, I'm just wondering about the following:
when I run show crypto ipsec sa I get this:
Code:
R1#sh crypto ipsec sa
interface: Serial0/1/0
Crypto map tag: mymap, local addr 192.168.1.1
protected vrf: (none)
local ident (addr/mask/prot/port): (10.0.0.0/255.0.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0)
current_peer 192.168.1.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 64, #pkts encrypt: 64, #pkts digest: 0
#pkts decaps: 47, #pkts decrypt: 47, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 1, #recv errors 0
local crypto endpt.: 192.168.1.1, remote crypto endpt.:192.168.1.2
path mtu 1500, ip mtu 1500, ip mtu idb Serial0/1/0
current outbound spi: 0x63435221(1665356321)
inbound esp sas:
spi: 0x252B462C(623593004)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2001, flow_id: FPGA:1, crypto map: mymap
sa timing: remaining key lifetime (k/sec): (4525504/107)
IV size: 16 bytes
replay detection support: N
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x63435221(1665356321)
transform: esp-des esp-md5-hmac ,
in use settings ={Tunnel, }
conn id: 2002, flow_id: FPGA:1, crypto map: mymap
sa timing: remaining key lifetime (k/sec): (4525504/107)
IV size: 16 bytes
replay detection support: N
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
What does this part represent: #pkts digest: 0 ??? and #pkts verify: 0 ??
Is packet integrity preserved?
When verifying the IPsec connection in the tutorial mentioned above, this value is the same as the number of
encrypted packets...
I don't understand what I missed in the configuration, I checked it 5 times...
And to note, the packets that went through are ICMP and HTTP packets...
P.S. I'm not sure which part of the forum this topic belongs in... if this isn't the place, the admins can move it.
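
The comparison the post makes (the digest/verify counters against the encrypt/decrypt counters while an esp-md5-hmac transform is negotiated), as an added example that is not part of the original post. The function names are hypothetical and the sample is abbreviated from the output above.

```python
import re

# Sample abbreviated from the `show crypto ipsec sa` output in the post above.
SAMPLE = """\
interface: Serial0/1/0
 Crypto map tag: mymap, local addr 192.168.1.1
 #pkts encaps: 64, #pkts encrypt: 64, #pkts digest: 0
 #pkts decaps: 47, #pkts decrypt: 47, #pkts verify: 0
 #send errors 1, #recv errors 0
 inbound esp sas:
  spi: 0x252B462C(623593004)
  transform: esp-des esp-md5-hmac ,
 outbound esp sas:
  spi: 0x63435221(1665356321)
  transform: esp-des esp-md5-hmac ,
"""

COUNTER_RE = re.compile(r"#pkts ([a-z. ]+?): (\d+)")
TRANSFORM_RE = re.compile(r"^\s*transform:\s*(.+?)\s*,?\s*$", re.M)


def parse_sa(text):
    """Return (counters, transforms) from one `show crypto ipsec sa` block."""
    counters = {name.strip(): int(val) for name, val in COUNTER_RE.findall(text)}
    transforms = set()
    for line in TRANSFORM_RE.findall(text):
        transforms.update(line.split())
    return counters, transforms


def integrity_findings(text):
    """Compare the hash counters with the cipher counters when an HMAC is negotiated."""
    counters, transforms = parse_sa(text)
    findings = []
    if not any(t.endswith("-hmac") for t in transforms):
        return findings  # no ESP authentication transform, nothing to compare
    for cipher, digest in (("encrypt", "digest"), ("decrypt", "verify")):
        c, d = counters.get(cipher, 0), counters.get(digest, 0)
        if c != d:
            findings.append(f"#pkts {digest}={d} but #pkts {cipher}={c}")
    return findings


if __name__ == "__main__":
    for finding in integrity_findings(SAMPLE):
        print(finding)
```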