How to Use DEBUG When Setting Up an LTL VPN Between Two Routers

    Source: 万象互联   Updated: 2012-9-18 17:28:18

r1#

r1#

r1#ping 192.168.20.1 source 192.168.10.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.10.1

 

*Aug  8 20:20:40.323: ISAKMP:(0): SA request profile is (NULL)

*Aug  8 20:20:40.323: ISAKMP: Created a peer struct for 202.102.1.2, peer port 5

00

*Aug  8 20:20:40.323: ISAKMP: New peer created peer = 0x6637AAAC peer_handle = 0

x80000003

*Aug  8 20:20:40.323: ISAKMP: Locking peer struct 0x6637AAAC, refcount 1 for isa

kmp_initiator

*Aug  8 20:20:40.323: ISAKMP: local port 500, remote port 500

*Aug  8 20:20:40.323: ISAKMP: set new node 0 to QM_IDLE

*Aug  8 20:20:40.323: insert sa successfully sa = 65D3B7A8

*Aug  8 20:20:40.323: ISAKMP:(0):Can not start Aggressive mode, trying Main mode

.

*Aug  8 20:20:40.323: ISAKMP:(0):found peer pre-shared key matching 202.102.1.2

*Aug  8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-07 ID

*Aug  8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-03 ID

*Aug  8 20:20:40.323: ISAKMP:(0): constructed NAT-T vendor-02 ID

*Aug  8 20:20:40.323: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM

*Aug  8 20:20:40.323: ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1

 

*Aug  8 20:20:40.323: ISAKMP:(0): beginning Main Mode exchange

*Aug  8 20:20:40.323: ISAKMP:(0): sending packet to 202.102.1.2 my_port 500 peer

_port 500 (I) MM_NO_STATE   (sending the first packet)

*Aug  8 20:20:40.351: ISAKMP (0:0): received packet from 202.102.1.2 dport 500 s

port 500 Global (I) MM_NO_STATE         (receiving the second packet)

<!-- initial state -->

*Aug  8 20:20:40.355: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Aug  8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2

 

*Aug  8 20:20:40.355: ISAKMP:(0): processing SA payload. message ID = 0

*Aug  8 20:20:40.355: ISAKMP:(0): processing vendor id payload

*Aug  8 20:20:40.355: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismat

ch

*Aug  8 20:20:40.355: ISAKMP (0:0): vendor ID is NAT-T v7

*Aug  8 20:20:40.355: ISAKMP:(0):found peer pre-shared key matching 202.102.1.2

*Aug  8 20:20:40.355: ISAKMP:(0): local preshared key found

*Aug  8 20:20:40.355: ISAKMP : Scanning profiles for xauth ...

*Aug  8 20:20:40.355: ISAKMP:.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 28/46/72 ms

r1#(0):Checking ISAKMP transform 1 against priority 100 policy

*Aug  8 20:20:40.355: ISAKMP:      encryption DES-CBC

*Aug  8 20:20:40.355: ISAKMP:      hash SHA

*Aug  8 20:20:40.355: ISAKMP:      default group 1

*Aug  8 20:20:40.355: ISAKMP:      auth pre-share

*Aug  8 20:20:40.355: ISAKMP:      life type in seconds

*Aug  8 20:20:40.355: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80

*Aug  8 20:20:40.355: ISAKMP:(0):atts are acceptable. (accepted by both sides) Next payload is 0

<!-- Phase 1 policy negotiation --> If retransmissions keep happening, the policies do not match.

*Aug  8 20:20:40.355: ISAKMP:(0): processing vendor id payload

*Aug  8 20:20:40.355: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch

*Aug  8 20:20:40.355: ISAKMP (0:0): vendor ID is NAT-T v7

*Aug  8 20:20:40.355: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MOD

E

*Aug  8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM2

 

*Aug  8 20:20:40.355: ISAKMP:(0): sending packet to 202.102.1.2 my_port 500 peer

_port 500 (I) MM_SA_SETUP

*Aug  8 20:20:40.355: ISAKMP:(0):Input = IKE_ME

r1#SG_INTERNAL, IKE_PROCESS_COMPLETE

*Aug  8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3

One packet sent

*Aug  8 20:20:40.403: ISAKMP (0:0): received packet from 202.102.1.2 dport 500 s

port 500 Global (I) MM_SA_SETUP

*Aug  8 20:20:40.407: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Aug  8 20:20:40.411: ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4

One packet received

*Aug  8 20:20:40.419: ISAKMP:(0): processing KE payload. message ID = 0         public value

*Aug  8 20:20:40.423: ISAKMP:(0): processing NONCE payload. message ID = 0  random number

*Aug  8 20:20:40.423: ISAKMP:(0):found peer pre-shared key matching 202.102.1.2

<!-- generate random numbers used for authentication -->

*Aug  8 20:20:40.423: ISAKMP:(1002): processing vendor id payload

*Aug  8 20:20:40.423: ISAKMP:(1002): vendor ID is Unity

*Aug  8 20:20:40.423: ISAKMP:(1002): processing vendor id payload

*Aug  8 20:20:40.423: ISAKMP:(1002): vendor ID is DPD

*Aug  8 20:20:40.423: ISAKMP:(1002): processing vendor id payload

*Aug  8 20:20:40.423: ISAKMP:(1002): speaking to another IOS box!

*Au

r1#g  8 20:20:40.423: ISAKMP:(1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_

MODE

*Aug  8 20:20:40.423: ISAKMP:(1002):Old State = IKE_I_MM4  New State = IKE_I_MM4

 

 

*Aug  8 20:20:40.423: ISAKMP:(1002):Send initial contact

*Aug  8 20:20:40.423: ISAKMP:(1002):SA is doing pre-shared key authentication us

ing id type ID_IPV4_ADDR

*Aug  8 20:20:40.423: ISAKMP (0:1002): ID payload

next-payload : 8

type         : 1

address      : 202.102.1.1

protocol     : 17

port         : 500

length       : 12

*Aug  8 20:20:40.423: ISAKMP:(1002):Total payload length: 12

*Aug  8 20:20:40.423: ISAKMP:(1002): sending packet to 202.102.1.2 my_port 500 p

eer_port 500 (I) MM_KEY_EXCH                          the fifth packet

*Aug  8 20:20:40.423: ISAKMP:(1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPL

ETE

*Aug  8 20:20:40.423: ISAKMP:(1002):Old State = IKE_I_MM4  New State = IKE_I_MM5

 

 

*Aug  8 20:20:40.463: ISAKMP (0:1002): received packet from 202.102.1.2 dport 50

0 sport 500 Global (I) MM_KEY_EXCH          MM_KEY_EXCH                       the sixth packet

*Aug  8 20:20:40.467: ISA

r1#KMP:(1002): processing ID payload. Message ID = 0

*Aug  8 20:20:40.467: ISAKMP (0:1002): ID payload

next-payload : 8

type         : 1

address      : 202.102.1.2

protocol     : 17

port         : 500

length       : 12

*Aug  8 20:20:40.467: ISAKMP:(0):: peer matches *none* of the profiles

*Aug  8 20:20:40.467: ISAKMP:(1002): processing HASH payload. Message ID = 0

*Aug  8 20:20:40.467: ISAKMP:(1002):SA authentication status:

Authenticated

<!-- identity authentication -->

*Aug  8 20:20:40.467: ISAKMP:(1002):SA has been authenticated with 202.102.1.2 (final result: authentication succeeded, phase 1 is complete)

*Aug  8 20:20:40.467: ISAKMP: Trying to insert a peer 202.102.1.1/202.102.1.2/50

0/,  and inserted successfully 6637AAAC.

*Aug  8 20:20:40.467: ISAKMP:(1002):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Aug  8 20:20:40.467: ISAKMP:(1002):Old State = IKE_I_MM5  New State = IKE_I_MM6

 

 

*Aug  8 20:20:40.467: ISAKMP:(1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_

MODE

*Aug  8 20:20:40.467: ISAKMP:(1002):Old State = IKE_I_MM6  New State = IKE_I_MM6

 

 

 

r1#*Aug  8 20:20:40.467: ISAKMP:(1002):Input = IKE_MESG_INTERNAL, IKE_PROCESS_CO

MPLETE

*Aug  8 20:20:40.467: ISAKMP:(1002):Old State = IKE_I_MM6  New State = IKE_P1_CO

MPLETE

<!-- Phase 2 negotiation parameters -->

 

*Aug  8 20:20:40.467: ISAKMP:(1002):beginning Quick Mode exchange, M-ID of 10935

59871

*Aug  8 20:20:40.467: ISAKMP:(1002):QM Initiator gets spi

*Aug  8 20:20:40.467: ISAKMP:(1002): sending packet to 202.102.1.2 my_port 500 p

eer_port 500 (I) QM_IDLE        sending the first packet of phase 2; QM stands for Quick Mode

*Aug  8 20:20:40.467: ISAKMP:(1002):Node 1093559871, Input = IKE_MESG_INTERNAL,

IKE_INIT_QM

*Aug  8 20:20:40.467: ISAKMP:(1002):Old State = IKE_QM_READY  New State = IKE_QM

_I_QM1

*Aug  8 20:20:40.467: ISAKMP:(1002):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLE

TE

*Aug  8 20:20:40.467: ISAKMP:(1002):Old State = IKE_P1_COMPLETE  New State = IKE

_P1_COMPLETE

 

*Aug  8 20:20:40.511: ISAKMP (0:1002): received packet from 202.102.1.2 dport 50

0 sport 500 Global (I) QM_IDLE              response received from the peer

 

*Aug  8 20:20:40.519: ISAKMP:(1002): processing HASH payload. message ID = 10935

59871

r1#

*Aug  8 20:20:40.519: ISAKMP:(1002): processing SA payload. message ID = 1093559

871

*Aug  8 20:20:40.523: ISAKMP:(1002):Checking IPSec proposal 1

*Aug  8 20:20:40.523: ISAKMP: transform 1, ESP_DES

*Aug  8 20:20:40.527: ISAKMP:   attributes in transform:

*Aug  8 20:20:40.527: ISAKMP:      encaps is 1 (Tunnel)

*Aug  8 20:20:40.531: ISAKMP:      SA life type in seconds

*Aug  8 20:20:40.531: ISAKMP:      SA life duration (basic) of 3600

*Aug  8 20:20:40.531: ISAKMP:      SA life type in kilobytes

*Aug  8 20:20:40.535: ISAKMP:      SA life duration (VPI) of  0x0 0x46 0x50 0x0

 

*Aug  8 20:20:40.539: ISAKMP:(1002):atts are acceptable.   the phase 2 result finally accepted by both sides

*Aug  8 20:20:40.543: ISAKMP:(1002): processing NONCE payload. message ID = 1093

559871

*Aug  8 20:20:40.547: ISAKMP:(1002): processing ID payload. message ID = 1093559

871

*Aug  8 20:20:40.551: ISAKMP:(1002): processing ID payload. message ID = 1093559

871

*Aug  8 20:20:40.551: ISAKMP:(1002): Creating IPSec SAs

*Aug  8 20:20:40.551:         inboun

r1#d SA from 202.102.1.2 to 202.102.1.1 (f/i)  0/ 0

(proxy 192.168.20.0 to 192.168.10.0)

*Aug  8 20:20:40.551:         has spi 0x866A05BA and conn_id 0         the SPI is the result finally negotiated by both sides

*Aug  8 20:20:40.551:         lifetime of 3600 seconds

*Aug  8 20:20:40.551:         lifetime of 4608000 kilobytes

*Aug  8 20:20:40.551:         outbound SA from 202.102.1.1 to 202.102.1.2 (f/i)

0/0

(proxy 192.168.10.0 to 192.168.20.0)

*Aug  8 20:20:40.551:         has spi  0x2E48CED3 and conn_id 0

*Aug  8 20:20:40.551:         lifetime of 3600 seconds

*Aug  8 20:20:40.551:         lifetime of 4608000 kilobytes

*Aug  8 20:20:40.551: ISAKMP:(1002): sending packet to 202.102.1.2 my_port 500 p

eer_port 500 (I) QM_IDLE             

*Aug  8 20:20:40.551: ISAKMP:(1002):deleting node 1093559871 error FALSE reason

"No Error"

*Aug  8 20:20:40.551: ISAKMP:(1002):Node 1093559871, Input = IKE_MESG_FROM_PEER,IKE_QM_EXCH

*Aug  8 20:20:40.551: ISAKMP:(1002):Old State = IKE_QM_I_QM1  New State = IKE_QM_PHASE2_COMPLETE

<!-- creating the SAs for the data connection -->

 

r1#show crypto isakmp sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id slot status

202.102.1.2     202.102.1.1     QM_IDLE           1002    0 ACTIVE

 

IPv6 Crypto ISAKMP SA

 

r1#

*Aug  8 20:21:30.551: ISAKMP:(1002):purging node 1093559871

r1#
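
Added example (not part of the original article): a small Python parser that follows the "Old State / New State" lines of a trace like the one above, reports how far the initiator got, and lists phase 1 parameters from the accepted transform that are considered weak. The sample lines are constructed from the format shown on this page with the 80-column wraps removed; the WEAK set is an assumed local policy, not something the article states.

```python
import re

STATE_RE = re.compile(r"Old State = (\S+)\s+New State = (\S+)")
ATTR_RE = re.compile(r"ISAKMP:\s+(encryption|hash|default group|auth)\s+(\S+)")
# Phase 1 parameters treated as weak here (assumption: local policy choice).
WEAK = {("encryption", "DES-CBC"), ("hash", "MD5"), ("default group", "1")}

# Constructed sample: unwrapped lines in the format of the trace above.
GOOD = """\
*Aug  8 20:20:40.323: ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1
*Aug  8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2
*Aug  8 20:20:40.355: ISAKMP:      encryption DES-CBC
*Aug  8 20:20:40.355: ISAKMP:      hash SHA
*Aug  8 20:20:40.355: ISAKMP:      default group 1
*Aug  8 20:20:40.355: ISAKMP:      auth pre-share
*Aug  8 20:20:40.355: ISAKMP:(0):atts are acceptable. Next payload is 0
*Aug  8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM2
*Aug  8 20:20:40.355: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3
*Aug  8 20:20:40.411: ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4
*Aug  8 20:20:40.423: ISAKMP:(1002):Old State = IKE_I_MM4  New State = IKE_I_MM5
*Aug  8 20:20:40.467: ISAKMP:(1002):Old State = IKE_I_MM5  New State = IKE_I_MM6
*Aug  8 20:20:40.467: ISAKMP:(1002):Old State = IKE_I_MM6  New State = IKE_P1_COMPLETE
*Aug  8 20:20:40.467: ISAKMP:(1002):Old State = IKE_QM_READY  New State = IKE_QM_I_QM1
*Aug  8 20:20:40.551: ISAKMP:(1002):Old State = IKE_QM_I_QM1  New State = IKE_QM_PHASE2_COMPLETE
"""
# Constructed sample: a negotiation that never gets past the first packet.
STALLED = GOOD.splitlines()[0] + "\n"

def analyze(log):
    """Summarise one initiator-side ISAKMP debug trace."""
    states, attrs, accepted = [], {}, False
    for line in log.splitlines():
        if (m := STATE_RE.search(line)):
            if m.group(1) != m.group(2):      # skip self-transitions
                states.append(m.group(2))
        elif (m := ATTR_RE.search(line)) and not accepted:
            attrs[m.group(1)] = m.group(2)    # last transform checked wins
        elif "atts are acceptable" in line:
            accepted = True                   # phase 1 transform agreed
    return {
        "last_state": states[-1] if states else None,
        "phase1_done": "IKE_P1_COMPLETE" in states,
        "phase2_done": "IKE_QM_PHASE2_COMPLETE" in states,
        "weak": sorted(f"{k} {v}" for k, v in attrs.items() if (k, v) in WEAK),
    }

if __name__ == "__main__":
    for name, log in (("good", GOOD), ("stalled", STALLED)):
        print(name, analyze(log))
```

A trace whose last_state stays at IKE_I_MM1 corresponds to the case the annotation above describes, where the first packet is sent and the phase 1 policies never match.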

Source: http://www.hulian.top; please credit the source when reposting!

Copyright notice: original article of this site, published by 万象互联SEO优化.
Article URL: https://www.hulian.top/zixun/post/5195.html