[ grunf85 @ 24.01.2011. 21:01 ] @
Zdravo! konfigurisao sam ipsec tunel izmedju 2 rutera u packer traceru, prateci OVAJ tutorial fino je to sve proslo, samo me zanima sledece kada pozovem show crypto ipsec sa dobijem sledece: Code: R1#sh crypto ipsec sa interface: Serial0/1/0 Crypto map tag: mymap, local addr 192.168.1.1 protected vrf: (none) local ident (addr/mask/prot/port): (10.0.0.0/255.0.0.0/0/0) remote ident (addr/mask/prot/port): (192.168.0.0/255.255.255.0/0/0) current_peer 192.168.1.2 port 500 PERMIT, flags={origin_is_acl,} #pkts encaps: 64, #pkts encrypt: 64, #pkts digest: 0 #pkts decaps: 47, #pkts decrypt: 47, #pkts verify: 0 #pkts compressed: 0, #pkts decompressed: 0 #pkts not compressed: 0, #pkts compr. failed: 0 #pkts not decompressed: 0, #pkts decompress failed: 0 #send errors 1, #recv errors 0 local crypto endpt.: 192.168.1.1, remote crypto endpt.:192.168.1.2 path mtu 1500, ip mtu 1500, ip mtu idb Serial0/1/0 current outbound spi: 0x63435221(1665356321) inbound esp sas: spi: 0x252B462C(623593004) transform: esp-des esp-md5-hmac , in use settings ={Tunnel, } conn id: 2001, flow_id: FPGA:1, crypto map: mymap sa timing: remaining key lifetime (k/sec): (4525504/107) IV size: 16 bytes replay detection support: N Status: ACTIVE inbound ah sas: inbound pcp sas: outbound esp sas: spi: 0x63435221(1665356321) transform: esp-des esp-md5-hmac , in use settings ={Tunnel, } conn id: 2002, flow_id: FPGA:1, crypto map: mymap sa timing: remaining key lifetime (k/sec): (4525504/107) IV size: 16 bytes replay detection support: N Status: ACTIVE outbound ah sas: outbound pcp sas: sta predstavlja ovaj dio: #pkts digest: 0 ??? i #pkts verify: 0 ?? da li je ocuvan integritet paketa? kod verifikacije ipsec veze, kod gore pomenutog tutoriala, ovaj podatak je isti kao broj sifrovanih paketa... nije mi jasno sta sam propustio u konfiguraciji, provjerio sam 5x... i da napomenem, ovi paketi sto su prosli su ICMP i HTTP paketi... ps nisam siguran za koji dio foruma je ova tema... ako ovdje nije mjesto neka admini prebace |