博客

安全动态
投稿至邮箱: 在线投稿

初识IPSec

作者:Mils 公布时间:2016-05-17 阅读次数:10958

VSRC连载系列(1):

谁动了我的500端口?

作为一枚代码小白,周末当然一如往常的宅家学习Coding啦,不过突然接到A同学的求助说上周在机房配置好的VPN现在突然连不上了。而且监控发现流量很大,怀疑是被恶意攻击了。于是在简单了解之后发现是一个普通的站点到站点的IPSec VPN,两端采用ESP加密。这种情况只能一步一步排错:


一、基本路由排错

1、全局地址可达

Site1#ping 101.1.2.3 source 101.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 101.1.2.3, timeout is 2 seconds:

Packet sent with a source address of 101.1.1.2

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/34/52 ms

2、路由可达

Site1#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 101.1.1.4 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 101.1.1.4

      2.0.0.0/32 is subnetted, 1 subnets

C        2.2.2.2 is directly connected, Loopback0

      101.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        101.1.1.0/24 is directly connected, FastEthernet0/0

L        101.1.1.2/32 is directly connected, FastEthernet0/0



点击以下链接,查看完整内容

http://mp.weixin.qq.com/s?__biz=MzI5ODE0ODA5MQ==&mid=403866875&idx=1&sn=fa463a4a02a8dc60767ff12fe3f232ab#rd