IPSEC over GRE with BGP


【Lab topology and software】
The switches used in this lab run on the H3C simulator, which can be downloaded here:
http://forum.h4c.com/forum.php?mod=viewthread&tid=109740&highlight=H3C%E6%A8%A1%E6%8B%9F%E5%99%A8
Anyone interested can download it from the forum.

【Requirements】
R2 and R4 establish an EBGP neighbor relationship. Both neighbor addresses are tunnel-interface addresses, and all packets passing through the tunnel interface must be encrypted with IPsec!

【Configuration】
R2
vlan 1024
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
ike peer r4
 pre-shared-key simple 1234567
 remote-address 192.168.24.4
#
ipsec proposal 1
#
ipsec policy jc 10 isakmp
 security acl 3000
 ike-peer r4
 proposal 1
#
acl number 3000
 rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.11.0 0.0.0.255
 rule 5 permit ip source 172.16.1.0 0.0.0.255 destination 172.16.11.0 0.0.0.255
#
#
interface LoopBack0
 ip address 192.168.1.1 255.255.255.255
#
interface Vlan-interface1024
 ip address 192.168.28.2 255.255.255.0
#
interface Tunnel0
 ip address 192.168.24.2 255.255.255.0
 source 192.168.28.2
 destination 192.168.48.4
 ipsec policy jc
#
bgp 65001
 network 192.168.1.1 255.255.255.255
 undo synchronization
 peer 192.168.24.4 as-number 65002
#
ip route-static 0.0.0.0 0.0.0.0 192.168.28.8

SW4
#
interface Vlan-interface1024
 ip address 192.168.28.8 255.255.255.0
#
interface Vlan-interface1044
 ip address 192.168.48.8 255.255.255.0
#
interface Ethernet0/4/0
 port link-mode bridge
#
interface Ethernet0/4/1
 port link-mode bridge
#
interface Ethernet0/4/2
 port link-mode bridge
 port access vlan 1024
#
interface Ethernet0/4/3
 port link-mode bridge
#
interface Ethernet0/4/4
 port link-mode bridge
 port access vlan 1044

R4
#
vlan 1044
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
ike peer r2
 pre-shared-key simple 1234567
 remote-address 192.168.24.2
#
ipsec proposal 1
#
ipsec policy jc 10 isakmp
 security acl 3000
 ike-peer r2
 proposal 1
#
acl number 3000
 rule 0 permit ip source 192.168.11.0 0.0.0.255 destination 192.168.1.0 0.0.0.255
 rule 5 permit ip source 172.16.11.0 0.0.0.255 destination 172.16.1.0 0.0.0.255
#
interface Serial0/6/0
 link-protocol ppp
#
interface Serial0/6/1
 link-protocol ppp
#
interface Serial0/6/2
 link-protocol ppp
#
interface Serial0/6/3
 link-protocol ppp
#
interface NULL0
#
interface LoopBack0
 ip address 192.168.11.1 255.255.255.255
#
interface Vlan-interface1044
 ip address 192.168.48.4 255.255.255.0
#
interface Ethernet0/4/0
 port link-mode bridge
#
interface Ethernet0/4/1
 port link-mode bridge
 port access vlan 1044
interface Tunnel0
 ip address 192.168.24.4 255.255.255.0
 source 192.168.48.4
 destination 192.168.28.2
 ipsec policy jc
#
bgp 65002
 network 192.168.11.1 255.255.255.255
 undo synchronization
 peer 192.168.24.2 as-number 65001
#
ip route-static 0.0.0.0 0.0.0.0 192.168.48.8
#

【Verification】
Check the IKE and IPsec SAs.

dis ike sa
    total phase-1 SAs:  0
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------

dis ipsec sa

No packets have matched yet, so there are no SAs.

ping -a 192.168.1.1 192.168.11.1
  PING 192.168.11.1: 56  data bytes, press CTRL_C to break
    Request time out
    Reply from 192.168.11.1: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 192.168.11.1: bytes=56 Sequence=3 ttl=255 time=44 ms
    Reply from 192.168.11.1: bytes=56 Sequence=4 ttl=255 time=45 ms
    Reply from 192.168.11.1: bytes=56 Sequence=5 ttl=255 time=50 ms

  --- 192.168.11.1 ping statistics ---
    5 packet(s) transmitted
    4 packet(s) received
    20.00% packet loss
    round-trip min/avg/max = 44/47/50 ms

dis ike sa
    total phase-1 SAs:  1
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
        6          192.168.24.4    RD|ST         2     IPSEC
        5          192.168.24.4    RD|ST         1     IPSEC

  flag meaning
  RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT

dis ipsec sa
===============================
Interface: Tunnel0
    path MTU: 1476
===============================

  -----------------------------
  IPsec policy name: "jc"
  sequence number: 10
  mode: isakmp
  -----------------------------
    connection id: 4
    encapsulation mode: tunnel
    perfect forward secrecy: None
    tunnel:
        local  address: 192.168.24.2
        remote address: 192.168.24.4
    Flow :
        sour addr: 192.168.1.0/255.255.255.0  port: 0  protocol: IP
        dest addr: 192.168.11.0/255.255.255.0  port: 0  protocol: IP

    [inbound ESP SAs]
      spi: 2478830021 (0x93bff1c5)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
      sa remaining key duration (bytes/sec): 1887436464/3588
      max received sequence-number: 4
      udp encapsulation used for nat traversal: N

    [outbound ESP SAs]
      spi: 645607044 (0x267b2e84)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
      sa remaining key duration (bytes/sec): 1887436464/3588
      max sent sequence-number: 5
      udp encapsulation used for nat traversal: N

dis ike sa
    total phase-1 SAs:  1
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
        4          192.168.24.2    RD            2     IPSEC
        3          192.168.24.2    RD            1     IPSEC

  flag meaning
  RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT

dis ipsec sa
===============================
Interface: Tunnel0
    path MTU: 1476
===============================

  -----------------------------
  IPsec policy name: "jc"
  sequence number: 10
  mode: isakmp
  -----------------------------
    connection id: 4
    encapsulation mode: tunnel
    perfect forward secrecy: None
    tunnel:
        local  address: 192.168.24.4
        remote address: 192.168.24.2
    Flow :
        sour addr: 192.168.11.0/255.255.255.0  port: 0  protocol: IP
        dest addr: 192.168.1.0/255.255.255.0  port: 0  protocol: IP

    [inbound ESP SAs]
      spi: 645607044 (0x267b2e84)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
      sa remaining key duration (bytes/sec): 1887436464/3523
      max received sequence-number: 4
      udp encapsulation used for nat traversal: N

    [outbound ESP SAs]
      spi: 2478830021 (0x93bff1c5)
      proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
      sa remaining key duration (bytes/sec): 1887436464/3523
      max sent sequence-number: 5
      udp encapsulation used for nat traversal: N
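
Added example (not part of the original article): a small Python check that takes the ACL 3000 rules from R2 and the `dis ipsec sa` fields shown above, tests which flows the security ACL selects for IPsec (the loopback-to-loopback ping and the BGP peering addresses 192.168.24.2 and 192.168.24.4), and flags the negotiated DES/MD5 proposal and the disabled PFS. The function names and the embedded sample strings are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: lines copied from the R2 configuration and the
# "dis ipsec sa" output shown in the article.
R2_ACL = """\
rule 0 permit ip source 192.168.1.0 0.0.0.255 destination 192.168.11.0 0.0.0.255
rule 5 permit ip source 172.16.1.0 0.0.0.255 destination 172.16.11.0 0.0.0.255
"""
R2_SA = """\
perfect forward secrecy: None
proposal: ESP-ENCRYPT-DES ESP-AUTH-MD5
"""

RULE = re.compile(r"rule \d+ permit ip source (\S+) (\S+) destination (\S+) (\S+)")
WEAK = {"ESP-ENCRYPT-DES": "DES encryption (56-bit key)",
        "ESP-AUTH-MD5": "MD5-based ESP authentication"}


def wildcard_match(addr, base, wildcard):
    """True if addr matches base under a wildcard mask (1 bits = don't care)."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def flow_protected(acl_text, src, dst):
    """True if a permit rule of the security ACL selects the src -> dst flow."""
    return any(wildcard_match(src, m[1], m[2]) and wildcard_match(dst, m[3], m[4])
               for m in RULE.finditer(acl_text))


def sa_findings(sa_text):
    """List weak parameters present in 'dis ipsec sa' output."""
    findings = []
    if re.search(r"perfect forward secrecy:\s*None", sa_text):
        findings.append("PFS disabled")
    findings += [why for name, why in WEAK.items() if name in sa_text]
    return findings


if __name__ == "__main__":
    print("loopback flow selected:", flow_protected(R2_ACL, "192.168.1.1", "192.168.11.1"))
    print("BGP peering selected:  ", flow_protected(R2_ACL, "192.168.24.2", "192.168.24.4"))
    print("SA findings:", sa_findings(R2_SA))
```

With the rules as written, only traffic between the loopback networks is selected by ACL 3000; the tunnel addresses used for the BGP peering match neither rule.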
