PC1 ---- F100 ---- IX2004 --- PC2
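I bought a serial cable, for the IX2004.
In short: use a straight-through cable when connecting to a modem, and a crossover cable between PCs.
It worked without any trouble.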
FITEL#sho cry isa sa
[ 1] 100.0.0.2 <--> 100.0.0.1 Main Mode UP pre-shared key DES MD5
  Lifetime : 600secs
  Current : 19secs,1kbytes
  mcfg config-mode: off
  mcfg addr: off
  mcfg apl-version:
  IKE Keepalive: dpd
  ICMP Keepalive: off
  release on addr-change: off

FITEL#sho cry isa policy
Protection suite priority [1]
  authentication method : preshared key
  encryption algorithm : DES - Data Encryption Standard (56 bit keys)
  Diffie-Hellman Group : #1 (768 bit)
  hash algorithm : Message Digest 5
  lifetime : 600 seconds, no volume limit
  Disabled frequency : 0
Default protection suite
  authentication method : preshared key
  encryption algorithm : DES - Data Encryption Standard (56 bit keys)
  hash algorithm : Message Digest 5
  Diffie-Hellman Group : #1 (768 bit)
  lifetime : 1000 seconds, no volume limit

FITEL#sho running.cfg
!
! FITELnet-F100
! Firmware version: V02.07(02) 032307
!
ip route 0.0.0.0 0.0.0.0 100.0.0.2
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
vpn enable
vpnlog enable
!
ipsec access-list 1 ipsec ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
ipsec access-list 64 bypass ip any any
ipsec transform-set P2-des-md5 esp-des esp-md5-hmac
!
service dhcp-server
!
hostname FITEL
!
ip dhcp pool lan1
exit
!
interface ewan 1
 crypto map kyoten
 ip address 100.0.0.1 255.255.255.0
 ip nat inside source list 1 interface
exit
interface ewan 2
exit
interface lan 1
 ip address 192.168.1.254 255.255.255.0
exit
!
!
crypto isakmp policy 1
 authentication prekey
 encryption des
 group 1
 hash md5
 idtype-pre userfqdn
 key ascii secret
 lifetime 600
 negotiation-mode main
 peer-identity address 100.0.0.2
exit
crypto map kyoten 1
 match address 1
 set peer address 100.0.0.2
 set transform-set P2-des-md5
exit
crypto security-association
exit
!
end

Router(config)# sho running-config
!
ip route 192.168.1.0/24 Tunnel0.0
ip access-list list1 permit ip src 192.168.2.0 0.0.0.255 dest 192.168.1.0 0.0.0.255
!
ike proposal ike-prop encryption des hash md5 lifetime 600
!
ike policy ike-policy peer 100.0.0.1 key secret ike-prop
!
ipsec autokey-map ipsec-policy list1 peer 100.0.0.1 default
ipsec local-id ipsec-policy 192.168.2.0/24
ipsec remote-id ipsec-policy 192.168.1.0/24
!
telnet-server ip enable
!
device FastEthernet0
!
device FastEthernet1
!
interface FastEthernet0.0
  ip address 100.0.0.2/24
  no shutdown
!
interface FastEthernet1.0
  ip address 192.168.2.254/24
  no shutdown
!
interface Loopback0.0
  no ip address
!
interface Null0.0
  no ip address
!
interface AutoTunnel0.0
  no ip address
  shutdown
!
interface Tunnel0.0
  tunnel mode ipsec
  ip unnumbered FastEthernet1.0
  ipsec policy tunnel ipsec-policy out
  no shutdown
Router(config)#

Router(config)# sho ike sa
ISAKMP SA - 1 configured, 1 created
Local address is 100.0.0.2
Remote address is 100.0.0.1
IKE policy name is ike-policy
Direction is responder
Initiator's cookie is 0xfc6bbe87ce000000
Responder's cookie is 0xba77d813c2ce6e0d
Exchange type is main mode
State is established
Authentication method is pre-shared
Encryption algorithm is des
Hash algorithm is md5
DH group is modp768, lifetime is 414 seconds
#ph1 success: 1, #ph1 failure: 0
#ph1 hash err: 0, #ph1 timeout: 0, #ph1 resend: 0
#ph2 success: 1, #ph2 failure: 0
#ph2 hash err: 0, #ph2 timeout: 0, #ph2 resend: 0
Router(config)#

Router(config)# sho ike statistics
Phase1 Statistics:
  1 success, 0 failure, 0 hash errors
  0 config errors, 0 timeout errors, 0 resend packet
Phase2 Statistics:
  1 success, 0 failure, 0 request errors, 0 hash errors
  0 config errors, 0 timeout errors, 0 resend packet
IKE Informations:
  Notify message type
    Rcvd:
      0 invalid payload type, 0 doi not supported
      0 situation not supported, 0 invalid cookie
      0 invalid major version, 0 invalid minor version
      0 invalid exchange type, 0 invalid flags, 0 invalid message id
      0 invalid protocol id, 0 invalid spi, 0 invalid transform id
      0 attributes not supported, 0 no proposal chosen
      0 bad proposal syntax, 0 payload malformed
      0 invalid key information, 0 invalid id information
      0 invalid cert encoding, 0 invalid certificate
      0 cert type unsupported, 0 invalid cert authority
      0 invalid hash information, 0 authentication failed
      0 invalid signature, 0 address notification
      0 notify sa lifetime, 0 certificate unavailable
      0 unsupported exchange type, 0 unequal payload lengths
      0 connected
      0 responder lifetime, 0 replay status, 1 initial contact
      0 keepalive, 0 keepalive ack
      0 unknown type
    Sent:
      0 invalid payload type, 0 doi not supported
      0 situation not supported, 0 invalid cookie
      0 invalid major version, 0 invalid minor version
      0 invalid exchange type, 0 invalid flags, 0 invalid message id
      0 invalid protocol id, 0 invalid spi, 0 invalid transform id
      0 attributes not supported, 0 no proposal chosen
      0 bad proposal syntax, 0 payload malformed
      0 invalid key information, 0 invalid id information
      0 invalid cert encoding, 0 invalid certificate
      0 cert type unsupported, 0 invalid cert authority
      0 invalid hash information, 0 authentication failed
      0 invalid signature, 0 address notification
      0 notify sa lifetime, 0 certificate unavailable
      0 unsupported exchange type, 0 unequal payload lengths
      0 connected
      0 responder lifetime, 0 replay status, 0 initial contact
      0 keepalive, 0 keepalive ack
      0 unknown type
  Delete protocol type
    Rcvd:
      0 isakmp, 0 ah, 0 esp
      0 unknown type
    Sent:
      0 isakmp, 0 ah, 0 esp
      0 unknown type

Router(config)# sho ipsec sa
IPsec SA - 1 configured, 2 created
Interface is Tunnel0.0
  Key policy map name is ipsec-policy
    Tunnel mode, 4-over-4, autokey-map
    Local address is 100.0.0.2
    Remote address is 100.0.0.1
    Outgoing interface is FastEthernet0.0
    Interface MTU is 1446, path MTU is 1500
    Inbound:
      ESP, SPI is 0x9566dd14(2506546452)
        Transform is ESP-DES-HMAC-MD5-96
        Remaining lifetime is 393 seconds
      Replay detection support is on
    Outbound:
      ESP, SPI is 0x3ae07975(987789685)
        Transform is ESP-DES-HMAC-MD5-96
        Remaining lifetime is 393 seconds
      Replay detection support is on
    Perfect forward secrecy is off
Router(config)#

So, with all that...
ix2004,
FITELnet F100 x 3,
serial cable (crossover) for the FITELnet,
serial cable (straight-through) for the IX,
registration of a certain piece of software...
installing Dynamips,
digging out the Catalyst...
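A straight-through serial cable is what was used in the old days to connect to a modem. Small, consumer-oriented(?) routers (such as the IX2004) are probably designed to use a straight-through connection so that they can be hooked up with that same cable.
The FITELnet F100, on the other hand, is connected with a serial reverse (crossover) cable.
This is the kind of cable used when connecting two PCs to each other to transfer data.
I seem to remember hooking one up myself long ago. "Once a router gets to a certain size it is treated like a PC, so you connect it with a crossover cable..." is how I remember it.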
The wiring is

1 --- 7&8
2 --- 3
3 --- 2
4 --- 6
5 --- 5
6 --- 4
7&8 --- 1
Frame --- Frame

or so I'm told.
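
Added example (not part of the original post): a small Python check that reads IX2004 `sho ike sa` / `sho ipsec sa` output like the above and lists the negotiated settings that should be replaced before a tunnel like this is used outside a lab. The field names, the helper functions and the weak-algorithm list are assumptions of this example.

```python
import re

# Constructed sample: lines taken from the IX2004 show output in the post.
SAMPLE = """\
Authentication method is pre-shared
Encryption algorithm is des
Hash algorithm is md5
DH group is modp768, lifetime is 414 seconds
Transform is ESP-DES-HMAC-MD5-96
Perfect forward secrecy is off
"""

# Field name -> regex capturing the negotiated value.
FIELDS = {
    "ike_encryption": r"^\s*Encryption algorithm is (\S+)",
    "ike_hash": r"^\s*Hash algorithm is (\S+)",
    "ike_dh_group": r"^\s*DH group is (\w+)",
    "esp_transform": r"^\s*Transform is (\S+)",
    "pfs": r"^\s*Perfect forward secrecy is (\S+)",
}

# Assumption of this example: single DES, MD5 and 768-bit MODP are obsolete.
WEAK_TOKENS = {"des", "md5", "modp768"}


def parse_sa(text):
    """Return {field: value} for each field found in the show output."""
    found = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE | re.IGNORECASE)
        if m:
            found[name] = m.group(1).lower()
    return found


def audit(params):
    """Return sorted (field, value) pairs that use a weak setting."""
    findings = []
    for name, value in params.items():
        # Compare whole tokens so that "3des" is not mistaken for "des".
        tokens = set(re.split(r"[-_]", value))
        if tokens & WEAK_TOKENS or (name == "pfs" and value == "off"):
            findings.append((name, value))
    return sorted(findings)


if __name__ == "__main__":
    for field, value in audit(parse_sa(SAMPLE)):
        print(f"{field}: {value}")
```

For the output in the post, every field is reported: DES and MD5 in both phases, the 768-bit DH group, and PFS being off.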