Affichage des articles dont le libellé est IOS. Afficher tous les articles
Affichage des articles dont le libellé est IOS. Afficher tous les articles

21 mai 2010

Back up and Restore Configuration Files

Automatic Backup of Configuration using the Kron Method:

Router(config)#kron policy-list SaveConfig
Router(config-kron-policy)#cli write
Router(config-kron-policy)#exit

Router(config)#kron occurrence SaveConfigSchedule at 23:00 Sun recurring
Router(config-kron-occurrence)#policy-list SaveConfig


-
Libellés : ,

28 août 2009

Basic IPsec Virtual Tunnel Interface - VTI


Le but est de monter un tunnel IPSec entre deux routeurs en utilisant des VTI.
La clé partagée est: 1234.




hostname R1
!
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key 1234 address 10.2.2.1
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set TS-1 esp-aes 256
!
crypto ipsec profile VTI
 set transform-set TS-1
!
interface Tunnel0
 description *** Vers Tunnel 1 premium ***
 ip unnumbered Loopback0
 ip mtu 1380
 ip tcp adjust-mss 1340
 tunnel source Loopback0
 tunnel destination 10.2.2.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
interface Loopback10
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 10
 redistribute connected
 network 10.1.1.1 0.0.0.0
 no auto-summary
!
ip route 10.2.2.1 255.255.255.255 192.168.1.2
!


La configuration est identique sur R2.

R1#show crypto ipsec sa


interface: Tunnel0
Crypto map tag: Tunnel0-head-0, local addr 10.1.1.1


protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
current_peer 10.2.2.1 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 16017, #pkts encrypt: 16017, #pkts digest: 16017
#pkts decaps: 15918, #pkts decrypt: 15918, #pkts verify: 15918
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0


local crypto endpt.: 10.1.1.1, remote crypto endpt.: 10.2.2.1
path mtu 1514, ip mtu 1514, ip mtu idb Loopback0
current outbound spi: 0xCF2A12E(217227566)


inbound esp sas:
spi: 0x8C8AD70B(2357909259)
transform: esp-256-aes ,
in use settings ={Tunnel, }
conn id: 1, flow_id: Motorola SEC 2.0:1, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (4596558/1206)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE


inbound ah sas:


inbound pcp sas:


outbound esp sas:
spi: 0xCF2A12E(217227566)
transform: esp-256-aes ,
in use settings ={Tunnel, }
conn id: 2, flow_id: Motorola SEC 2.0:2, crypto map: Tunnel0-head-0
sa timing: remaining key lifetime (k/sec): (4596542/1204)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE


outbound ah sas:


outbound pcp sas:
R1#
-
Libellés : ,
Inscription à : Articles (Atom)

NTP - ACL

NTP - Network Time Protocol Packet types: -  Control messages : don't bother with this. -  NTP request/update messages: used for time sy...

  • Create a loopback Interface on MacOS
    Create a loopback Interface on MacOS X: ifconfig lo0 alias 172.16.123.1  will add an alias IP 172.16.123.1 to the loopback adapter ifconf...
  • NTP - ACL
    NTP - Network Time Protocol Packet types: -  Control messages : don't bother with this. -  NTP request/update messages: used for time sy...
  • Client/Server Python (works with VIRL)
    Small Python Client/Server Application Client #!/usr/bin/env python import socket TCP_IP = '10.0.0.10' TCP_PORT = 21 ...