R-MAIN# sh inter tun 1
Tunnel1 is up, line protocol is up
4-qadam. VPN tunnel ishini tekshirish
Tunneling ishchanligini ping utilitasi orqali tekshiramiz. Masalan, bosh ofisdan:
R-MAIN#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/17/20 ms
|
sh cry ips sa peer 2.2.2.2 buyrug’I bilan paketlarning himoyalangan tunnel orqali o’tayotganligiga ishonch hosil qilamiz.
R-MAIN#sh cry ips sa peer 2.2.2.2
interface: Tunnel1
Crypto map tag: Tunnel1-head-0, local addr 2.2.2.2
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer 2.2.2.2 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps:5, #pkts encrypt: 5, #pkts digest: 5
#pkts decaps: 5, #pkts decrypt: 5, #pkts verify: 5
|
Oxirgi ikki satr shuni ko’rsatadiki, marshrutizator 5 ta xabarni shifrladi va yubordi va shuncha qabul qilib deshifrladi. Qandaydir paket bizning marshrutizatorlarimiz tunneli orqali o’tsa bu hisoblagichlar har safar ishlaydi.
5-qadam. Marshrutlash
Har ikkala ofis bir biriga ulana olishi uchun har bir qurilmaga mos marshrutlash satrlarini qo’yish talab etiladi.
Bosh ofisda
R-MAIN(config)#
ip route 192.168.20.0 255.255.255.0 10.0.0.2
|
Filialda
Dostları ilə paylaş: |
