
Implementing an IPSec VPN Connection on PIX with NAT (5)


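The remote PIX uses Network Address Translation (NAT) to "join" the privately addressed devices behind it to the privately addressed network behind the central PIX. The remote PIX can initiate connections to the central PIX (it knows the endpoint), but the central PIX cannot initiate connections to the remote PIX (it does not know the endpoint).

Author: 51CTO.COM, October 30, 2007

Keywords: firewall, VPN, CISCO, IPSEC, NAT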


  lifetime of 4608000 kilobytes

  outbound SA from 204.1.1.1 to 203.1.1.1 (proxy 10.2.2.0 to 10.1.1.0)

  has spi 3504503990 and conn_id 3 and flags 4

  lifetime of 28800 seconds

  lifetime of 4608000 kilobytes

  IPSEC(key_engine): got a queue event...

  IPSEC(initialize_sas): ,

  (key eng. msg.) dest= 204.1.1.1, src= 203.1.1.1,

  dest_proxy= 10.2.2.0/255.255.255.0/0/0 (type=4),

  src_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),

  protocol= ESP, transform= esp-des esp-md5-hmac ,

  lifedur= 28800s and 4608000kb,

  spi= 0xa2b0ed21(2729504033), conn_id= 4, keysize= 0, flags= 0x4

  IPSEC(initialize_sas): ,

  (key eng. msg.) src= 204.1.1.1, dest= 203.1.1.1,

  src_proxy= 10.2.2.0/255.255.255.0/0/0 (type=4),

  dest_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),

  protocol= ESP, transform= esp-des esp-md5-hmac ,

  lifedur= 28800s and 4608000kb,

  spi= 0xd0e27cb6(3504503990), conn_id= 3, keysize= 0, flags= 0x4

  return status is IKMP_NO_ERROR
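An added example, not part of the original article: a Python check that parses the two `IPSEC(initialize_sas)` messages above, confirms that each SPI's hex and decimal forms agree, and confirms that the inbound and outbound SAs mirror each other. The function names and the `LEGACY` set (which flags the single-DES and HMAC-MD5 transforms negotiated here) are assumptions of this example.

```python
import re

# Constructed sample: the two IPSEC(initialize_sas) messages shown above.
SAMPLE = """\
IPSEC(initialize_sas): ,
(key eng. msg.) dest= 204.1.1.1, src= 203.1.1.1,
dest_proxy= 10.2.2.0/255.255.255.0/0/0 (type=4),
src_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 28800s and 4608000kb,
spi= 0xa2b0ed21(2729504033), conn_id= 4, keysize= 0, flags= 0x4
IPSEC(initialize_sas): ,
(key eng. msg.) src= 204.1.1.1, dest= 203.1.1.1,
src_proxy= 10.2.2.0/255.255.255.0/0/0 (type=4),
dest_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),
protocol= ESP, transform= esp-des esp-md5-hmac ,
lifedur= 28800s and 4608000kb,
spi= 0xd0e27cb6(3504503990), conn_id= 3, keysize= 0, flags= 0x4
"""

# Assumption of this example: transforms an audit should flag as legacy.
LEGACY = {"esp-des", "esp-md5-hmac"}

def parse_sas(text):
    """Return one dict of 'name= value' fields per initialize_sas message."""
    blocks = text.split("IPSEC(initialize_sas):")[1:]
    return [{k: v.strip() for k, v in re.findall(r"(\w+)= ([^,\n]*)", b)}
            for b in blocks]

def spi_consistent(sa):
    """The spi field prints hex and decimal; both must be the same number."""
    hex_spi, dec_spi = re.fullmatch(r"(0x[0-9a-fA-F]+)\((\d+)\)", sa["spi"]).groups()
    return int(hex_spi, 16) == int(dec_spi)

def is_mirror(a, b):
    """Inbound and outbound SAs of one tunnel swap peers and proxy networks."""
    return (a["src"], a["dest"], a["src_proxy"], a["dest_proxy"]) == \
           (b["dest"], b["src"], b["dest_proxy"], b["src_proxy"])

def audit(text):
    """Summarise the SA pair: SPI sanity, mirroring, and legacy transforms."""
    sas = parse_sas(text)
    return {
        "spis_ok": all(spi_consistent(sa) for sa in sas),
        "mirrored": len(sas) == 2 and is_mirror(*sas),
        "legacy": sorted({t for sa in sas for t in sa["transform"].split()} & LEGACY),
    }
```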

  

  Client debug

  19 16:43:20.402 06/28/01 Sev=Info/4 CM/0x63100004

  Establish secure connection using Ethernet

  20 16:43:20.402 06/28/01 Sev=Info/4 CM/0x63100025

  Attempt connection with server "203.1.1.1"

  21 16:43:20.402 06/28/01 Sev=Info/6 IKE/0x6300003B

  Attempting to establish a connection with 203.1.1.1.

  22 16:43:20.442 06/28/01 Sev=Info/4 IKE/0x63000013

  SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID, VID, VID) to 203.1.1.1

  23 16:43:20.452 06/28/01 Sev=Info/4 IPSEC/0x63700014

  Deleted all keys

  24 16:43:20.492 06/28/01 Sev=Info/5 IKE/0x6300002F

  Received ISAKMP packet: peer = 203.1.1.1

  25 16:43:20.492 06/28/01 Sev=Info/4 IKE/0x63000014

  RECEIVING <<

  26 16:43:20.492 06/28/01 Sev=Info/5 IKE/0x63000059

  Vendor ID payload = 12F5F28C457168A9702D9FE274CC0100

  27 16:43:20.492 06/28/01 Sev=Info/5 IKE/0x63000001

  Peer is a Cisco-Unity compliant peer

  28 16:43:20.492 06/28/01 Sev=Info/5 IKE/0x63000059

  Vendor ID payload = AFCAD71368A1F1C96B8696FC77570100

  29 16:43:20.492 06/28/01 Sev=Info/5 IKE/0x63000001

  Peer supports DPD

  30 16:43:20.492 06/28/01 Sev=Info/5 IKE/0x63000059

  Vendor ID payload = A0EB477E6627B406AA10F958254B3517

  31 16:43:20.542 06/28/01 Sev=Info/4 IKE/0x63000013

  SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT) to 203.1.1.1

  32 16:43:20.542 06/28/01 Sev=Info/4 CM/0x6310000E

  Established Phase 1 SA. 1 Phase 1 SA in the system

  33 16:43:21.143 06/28/01 Sev=Info/4 IKE/0x63000013

  SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 203.1.1.1

  34 16:43:24.067 06/28/01 Sev=Info/5 IKE/0x6300002F

  Received ISAKMP packet: peer = 203.1.1.1

  35 16:43:24.067 06/28/01 Sev=Info/4 IKE/0x63000014

  RECEIVING <<

  36 16:43:24.067 06/28/01 Sev=Info/5 IKE/0x63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS: , value = 10.3.3.1

  37 16:43:24.067 06/28/01 Sev=Info/5 IKE/0x63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS(1): , value = 10.1.1.3

  38 16:43:24.067 06/28/01 Sev=Info/5 IKE/0x63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NBNS(1) (a.k.a. WINS) : , value = 10.1.1.3

  39 16:43:24.067 06/28/01 Sev=Info/5 IKE/0x6300000E

  MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN: , value = cisco.com

  40 16:43:24.067 06/28/01 Sev=Info/4 CM/0x63100018

  Mode Config data received

  41 16:43:24.668 06/28/01 Sev=Info/5 IKE/0x63000055

  Received a key request from Driver for IP address 203.1.1.1, GW IP = 203.1.1.1

  42 16:43:24.668 06/28/01 Sev=Info/4 IKE/0x63000013

  SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 203.1.1.1

  43 16:43:24.668 06/28/01 Sev=Info/5 IKE/0x63000055

  Received a key request from Driver for IP address 10.10.10.255, GW IP = 203.1.1.1

  44 16:43:24.668 06/28/01 Sev=Info/4 IKE/0x63000013

  SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 203.1.1.1

  45 16:43:24.668 06/28/01 Sev=Info/4 IPSEC/0x63700014

  Deleted all keys

  46 16:43:25.619 06/28/01 Sev=Info/5 IKE/0x6300002F

  Received ISAKMP packet: peer = 203.1.1.1

  47 16:43:25.619 06/28/01 Sev=Info/4 IKE/0x63000014

  RECEIVING <<

  48 16:43:25.619 06/28/01 Sev=Info/5 IKE/0x63000044

  RESPONDER-LIFETIME notify has value of 28800 seconds

  49 16:43:25.619 06/28/01 Sev=Info/5 IKE/0x63000045

  RESPONDER-LIFETIME notify has value of 4608000 kb

  50 16:43:25.619 06/28/01 Sev=Info/4 IKE/0x63000013

  SENDING >>> ISAKMP OAK QM *(HASH) to 203.1.1.1

  51 16:43:25.619 06/28/01 Sev=Info/5 IKE/0x63000058

  Loading IPsec SA (Message ID = 0x59515364 OUTBOUND SPI = 0xB24CDB55 INBOUND SPI = 0x83AA0042)

  52 16:43:25.619 06/28/01 Sev=Info/5 IKE/0x63000025

  Loaded OUTBOUND ESP SPI: 0xB24CDB55

  53 16:43:25.619 06/28/01 Sev=Info/5 IKE/0x63000026

  Loaded INBOUND ESP SPI: 0x83AA0042

  54 16:43:25.619 06/28/01 Sev=Info/4 CM/0x63100019

  One secure connection established

  55 16:43:25.629 06/28/01 Sev=Info/6 DIALER/0x63300003

  Connection established.

  56 16:43:25.669 06/28/01 Sev=Info/6 DIALER/0x63300008

  MAPI32 Information - Outlook not default mail client

  57 16:43:25.960 06/28/01 Sev=Info/5 IKE/0x6300002F

  Received ISAKMP packet: peer = 203.1.1.1

  58 16:43:25.960 06/28/01 Sev=Info/4 IKE/0x63000014

  RECEIVING <<

  59 16:43:25.960 06/28/01 Sev=Info/5 IKE/0x63000044

  RESPONDER-LIFETIME notify has value of 28800 seconds

  60 16:43:25.960 06/28/01 Sev=Info/5 IKE/0x63000045

  RESPONDER-LIFETIME notify has value of 4608000 kb

  61 16:43:25.960 06/28/01 Sev=Info/4 IKE/0x63000013

  SENDING >>> ISAKMP OAK QM *(HASH) to 203.1.1.1

  62 16:43:25.960 06/28/01 Sev=Info/5 IKE/0x63000058

  Loading IPsec SA (Message ID = 0x23A23005 OUTBOUND SPI = 0xAD0599DB INBOUND SPI = 0x2B74D4A4)

  63 16:43:25.960 06/28/01 Sev=Info/5 IKE/0x63000025

  Loaded OUTBOUND ESP SPI: 0xAD0599DB

  64 16:43:25.960 06/28/01 Sev=Info/5 IKE/0x63000026

  Loaded INBOUND ESP SPI: 0x2B74D4A4

  65 16:43:25.960 06/28/01 Sev=Info/4 CM/0x63100021

  Additional Phase 2 SA established.

  66 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x63700010

  Created a new key structure

  67 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x6370000F

  Added key with SPI=0x55db4cb2 into key list

  68 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x63700010

  Created a new key structure

  69 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x6370000F

  Added key with SPI=0x4200aa83 into key list

  70 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x63700010

  Created a new key structure

  71 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x6370000F

  Added key with SPI=0xdb9905ad into key list

  72 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x63700010

  Created a new key structure

  73 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x6370000F

  Added key with SPI=0xa4d4742b into key list

  74 16:43:35.173 06/28/01 Sev=Info/6 IKE/0x6300003D

  Sending DPD request to 203.1.1.1, seq# = 1856135987

  75 16:43:35.173 06/28/01 Sev=Info/4 IKE/0x63000013

  SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 203.1.1.1

  76 16:43:35.173 06/28/01 Sev=Info/5 IKE/0x6300002F

  Received ISAKMP packet: peer = 203.1.1.1

  77 16:43:35.173 06/28/01 Sev=Info/4 IKE/0x63000014

  RECEIVING <<

  78 16:43:35.173 06/28/01 Sev=Info/5 IKE/0x6300003F

  Received DPD ACK from 203.1.1.1, seq# received = 1856135987, seq# expected = 1856135987
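An added example, not part of the original article: a Python correlation of the SPIs the IKE component reports as loaded with the keys the IPSEC driver component adds to its key list. In this log the driver prints each SPI with its four bytes reversed (0xB24CDB55 appears as 0x55db4cb2); that relation is read off the four pairs above, and the function names are assumptions of this example.

```python
import re

# Constructed sample: client log entries 52-53, 63-64, 67, 69, 71 and 73 above.
SAMPLE = """\
52 16:43:25.619 06/28/01 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xB24CDB55
53 16:43:25.619 06/28/01 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x83AA0042
63 16:43:25.960 06/28/01 Sev=Info/5 IKE/0x63000025
Loaded OUTBOUND ESP SPI: 0xAD0599DB
64 16:43:25.960 06/28/01 Sev=Info/5 IKE/0x63000026
Loaded INBOUND ESP SPI: 0x2B74D4A4
67 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x55db4cb2 into key list
69 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0x4200aa83 into key list
71 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0xdb9905ad into key list
73 16:43:25.960 06/28/01 Sev=Info/4 IPSEC/0x6370000F
Added key with SPI=0xa4d4742b into key list
"""

HEADER = re.compile(r"^(\d+)\s+\S+\s+\S+\s+Sev=\w+/\d\s+(\w+)/0x[0-9A-Fa-f]+$")

def entries(text):
    """Pair each numbered header line with the message line that follows it."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return [(int(m.group(1)), m.group(2), msg)
            for head, msg in zip(lines, lines[1:])
            if (m := HEADER.match(head))]

def swap32(spi):
    """Reverse the byte order of a 32-bit SPI."""
    return int.from_bytes(spi.to_bytes(4, "big"), "little")

def correlate(text):
    """Map each IKE-loaded SPI to (direction, found in driver key list)."""
    ike, driver = {}, set()
    for _seq, comp, msg in entries(text):
        m = re.match(r"Loaded (OUTBOUND|INBOUND) ESP SPI: (0x[0-9A-Fa-f]+)", msg)
        if comp == "IKE" and m:
            ike[int(m.group(2), 16)] = m.group(1)
        m = re.match(r"Added key with SPI=(0x[0-9A-Fa-f]+)", msg)
        if comp == "IPSEC" and m:
            driver.add(int(m.group(1), 16))
    matched = {f"0x{s:08X}": (d, swap32(s) in driver) for s, d in ike.items()}
    orphans = driver - {swap32(s) for s in ike}  # driver keys IKE never loaded
    return matched, orphans
```

An SPI that IKE loads without a matching driver key, or a driver key with no IKE counterpart, shows up as `False` in `matched` or as a member of `orphans`.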
