填空题
[说明]
某公司由总部和分支机构构成,通过IPSec实现网络安全,网络拓扑结构如下图所示。
某公司由总部和分支机构构成,通过IPSec实现网络安全,网络拓扑结构如下图所示。
填空题
总部端路由器的部分配置如下,解释配置中语句部分含义。
crypto isakmp policy 1 1
authentication pre-share 2
group 2
crypto isakmp key test123 address 202.96.1.2 3
crypto ipsec transform-set VPNtag ah-md5-hmac esp-des 4
crypto map VPNdemp 10 ipsec-isakmp
set peer 202.96.1.2 5
set transform-set VPNtag
match address 101
!
interface Tunnel0
iD address 192.168.1.1 255.255.255.0 6
no ip directed-broadcast
tunnel source 202.96.1.1
tunnel destination 202.96.1.2 7
crypto map VPNdemo
interface serial0/0
ip address 202.96.1.1 255.255.255.252
no ip directed-broadcast
crypto map VPNdemo 8
!
interface Ethernet0/1
ip address 168.1.1.1 255.255.255.0
no ip directed-broadcast
interface Ethernet0/0
ip address 172.22.1.100 255.255.255.0
no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.96.1.2 9
ip route 172.22.2.0 255.255.0.0 192.168.1.2 10
access-lost 101 permit gre host 202.96.1.1 host 202.96.1.2
crypto isakmp policy 1 1
authentication pre-share 2
group 2
crypto isakmp key test123 address 202.96.1.2 3
crypto ipsec transform-set VPNtag ah-md5-hmac esp-des 4
crypto map VPNdemp 10 ipsec-isakmp
set peer 202.96.1.2 5
set transform-set VPNtag
match address 101
!
interface Tunnel0
iD address 192.168.1.1 255.255.255.0 6
no ip directed-broadcast
tunnel source 202.96.1.1
tunnel destination 202.96.1.2 7
crypto map VPNdemo
interface serial0/0
ip address 202.96.1.1 255.255.255.252
no ip directed-broadcast
crypto map VPNdemo 8
!
interface Ethernet0/1
ip address 168.1.1.1 255.255.255.0
no ip directed-broadcast
interface Ethernet0/0
ip address 172.22.1.100 255.255.255.0
no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.96.1.2 9
ip route 172.22.2.0 255.255.0.0 192.168.1.2 10
access-lost 101 permit gre host 202.96.1.1 host 202.96.1.2
填空题
IPSec是IETE以RFC形式公布的一组安全协议集,它包括 1与 2两个安全机制,其中 3用于传输非机密数据。
填空题
IPSec工作在OSI/RM的 1层,它有 2和 3两种工作模式。