萬盛學電腦網

 萬盛學電腦網 >> 路由器知識 >> 路由器簡介 >> 怎樣用DEBUG實現兩個路由器之間做LTL的VPN

怎樣用DEBUG實現兩個路由器之間做LTL的VPN

  導語:歡迎大家來到學習啦,本文為大帶來怎樣用DEBUG實現兩個路由器之間做LTL的VPN,歡迎大家閱讀借鑒。

  r1#

  r1#

  r1#ping 192.168.20.1 source 192.168.10.1

  Type escape sequence to abort.

  Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:

  Packet sent with a source address of 192.168.10.1

  *Aug 8 20:20:40.323: ISAKMP:(0): SA request profile is (NULL)

  *Aug 8 20:20:40.323: ISAKMP: Created a peer struct for 202.102.1.2, peer port 5

  00

  *Aug 8 20:20:40.323: ISAKMP: New peer created peer = 0x6637AAAC peer_handle = 0

  x80000003

  *Aug 8 20:20:40.323: ISAKMP: Locking peer struct 0x6637AAAC, refcount 1 for isa

  kmp_initiator

  *Aug 8 20:20:40.323: ISAKMP: local port 500, remote port 500

  *Aug 8 20:20:40.323: ISAKMP: set new node 0 to QM_IDLE

  *Aug 8 20:20:40.323: insert sa successfully sa = 65D3B7A8

  *Aug 8 20:20:40.323: ISAKMP:(0):Can not start Aggressive mode, trying Main mode

  .

  *Aug 8 20:20:40.323: ISAKMP:(0):found peer pre-shared key matching 202.102.1.2

  *Aug 8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-07 ID

  *Aug 8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-03 ID

  *Aug 8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-02 ID

  *Aug 8 20:20:40.323: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

  *Aug 8 20:20:40.323: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1

  *Aug 8 20:20:40.323: ISAKMP:(0): beginning Main Mode exchange

  *Aug 8 20:20:40.323: ISAKMP:(0): sending packet to 202.102.1.2 my_port 500 peer

  _port 500 (I) MM_NO_STATE (發送第一個包)

  *Aug 8 20:20:40.351: ISAKMP (0:0): received packet from 202.102.1.2 dport 500 s

  port 500 Global (I) MM_NO_STATE (接收第二個包)

  *Aug 8 20:20:40.355: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

  *Aug 8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2

  *Aug 8 20:20:40.355: ISAKMP:(0): processing SA payload. message ID = 0

  *Aug 8 20:20:40.355: ISAKMP:(0): processing vendor id payload

  *Aug 8 20:20:40.355: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismat

  ch

  *Aug 8 20:20:40.355: ISAKMP (0:0): vendor ID is NAT-T v7

  *Aug 8 20:20:40.355: ISAKMP:(0):found peer pre-shared key matching 202.102.1.2

  *Aug 8 20:20:40.355: ISAKMP:(0): local preshared key found

  *Aug 8 20:20:40.355: ISAKMP : Scanning profiles for xauth ...

  *Aug 8 20:20:40.355: ISAKMP:.!!!!

  Success rate is 80 percent (4/5), round-trip min/avg/max = 28/46/72 ms

  r1#(0):Checking ISAKMP transform 1 against priority 100 policy

  *Aug 8 20:20:40.355: ISAKMP: encryption DES-CBC

  *Aug 8 20:20:40.355: ISAKMP: hash SHA

  *Aug 8 20:20:40.355: ISAKMP: default group 1

  *Aug 8 20:20:40.355: ISAKMP: auth pre-share

  *Aug 8 20:20:40.355: ISAKMP: life type in seconds

  *Aug 8 20:20:40.355: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80

  *Aug 8 20:20:40.355: ISAKMP:(0):atts are acceptable.(雙方都是認同的)Next payload is 0

  如果老是重傳,說明策略不匹配

  *Aug 8 20:20:40.355: ISAKMP:(0): processing vendor id payload

  *Aug 8 20:20:40.355: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch

  *Aug 8 20:20:40.355: ISAKMP (0:0): vendor ID is NAT-T v7

  *Aug 8 20:20:40.355: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MOD

  E

  *Aug 8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2

  *Aug 8 20:20:40.355: ISAKMP:(0): sending packet to 202.102.1.2 my_port 500 peer

  _port 500 (I) MM_SA_SETUP

  *Aug 8 20:20:40.355: ISAKMP:(0):Input = IKE_ME

  r1#SG_INTERNAL, IKE_PROCESS_COMPLETE

  *Aug 8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3

  發送一個

  *Aug 8 20:20:40.403: ISAKMP (0:0): received packet from 202.102.1.2 dport 500 s

  port 500 Global (I) MM_SA_SETUP

  *Aug 8 20:20:40.407: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

  *Aug 8 20:20:40.411: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4

  接收一個

  *Aug 8 20:20:40.419: ISAKMP:(0): processing KE payload. message ID = 0 公共值

  *Aug 8 20:20:40.423: ISAKMP:(0): processing NONCE payload. message ID = 0 隨機數

  *Aug 8 20:20:40.423: ISAKMP:(0):found peer pre-shared key matching 202.102.1.2

  *Aug 8 20:20:40.423: ISAKMP:(1002): processing vendor id payload

  *Aug 8 20:20:40.423: ISAKMP:(1002): vendor ID is Unity

  *Aug 8 20:20:40.423: ISAKMP:(1002): processing vendor id payload

  *Aug 8 20:20:40.423: ISAKMP:(1002): vendor ID is DPD

  *Aug 8 20:20:40.423: ISAKMP:(1002): processing vendor id payload

  *Aug 8 20:20:40.423: ISAKMP:(1002): speaking to another IOS box!

  *Au

  r1#g 8 20:20:40.423: ISAKMP:(1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_

  MODE

  *Aug 8 20:20:40.423: ISAKMP:(1002):Old State = IKE_I_MM4 New State = IKE_I_MM4

  *Aug 8 20:20:40.423: ISAKMP:(1002):Send initial contact

  *Aug 8 20:20:40.423: ISAKMP:(1002):SA is doing pre-shared key authentication us

  ing id type ID_IPV4_ADDR

  *Aug 8 20:20:40.423: ISAKMP (0:1002): ID payload

copyright © 萬盛學電腦網 all rights reserved