IPSec routing configuration
-
Help me set up routing between offices.
For example, there are three offices:
1. Office1 ipnet 192.168.100.0/24
2. Office2 ipnet 192.168.101.0/24
3. Office3 ipnet 192.168.103.0/24
IPSec is configured Office1<=>Office2 and Office1<=>Office3. How do I set up routing between Office2 and Office3 without bringing up a tunnel between them?
-
On the gateway in Office3, add a static route to Office2 via Office1.
On the gateway in Office2, add a static route to Office3 via Office1.
On the gateway in Office1, add static routes to the Office2 and Office3 networks via the corresponding addresses.
And in the firewall, naturally, allow the corresponding networks on the LAN and IPSEC interfaces in each of the offices.
Something like that :)
-
It doesn't work.
What happens:
- from Office2 all computers on the Office1 network can be pinged
- I added a route from the office to Office3 (192.168.103.0/24) via Office1 (192.168.100.6)
When I analyze the packets, it turns out the pings simply go to the external IP of Office2, i.e. to the Internet!!! What's the problem?
-
Are there static routes in Office1?
Where do they point?
From Office2 and Office3 the gateway must be the LAN IP of Office1.
Accordingly, the networks in Office2 and Office3 must be reachable via their own LAN IP.
-
Only for some reason in Office2 netstat -r doesn't show the route I added??
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 195.5.5.203 UGS 0 459251 ng0
209-80-113-92.pool lo0 UHS 0 0 lo0
localhost localhost UH 0 0 lo0
192.168.102.0 link#1 UC 0 0 rl0
195.5.5.203 209-80-113-92.pool UH 1 2940 ng0
And when I changed the route for subnet 192.168.106.0/24 to IP 192.168.102.7, the route was installed.
It turns out it doesn't know where to bind the route for the Office1 IP 192.168.100.6, even though pings from the Office2 subnet do reach the Office1 subnet.
-
Write out the addresses according to this scheme:
Office1, LAN IP, LAN NET/MASK, IPSEC Remote subnet, IPSEC Remote gateway
-
Office1 - IP: 192.168.100.5, Net: 192.168.100.0/24, IPSec Remote Subnet 192.168.102.0/24 IPSec Remote GateWay xxx.xxx.xxx.xxx (external IP of Office2)
Office2 - IP: 192.168.102.5, Net: 192.168.102.0/24, IPSec Remote Subnet 192.168.100.0/24 IPSec Remote GateWay yyy.yyy.yyy.yyy (external IP of Office1)
-
Office1 settings
System: Static Routes
Destination network: 192.168.102.0/24
Gateway: 192.168.100.5
Office2 settings
System: Static Routes
Destination network: 192.168.100.0/24
Gateway: 192.168.102.5
I take it everything is open in the firewall?
-
I'll add:
Office1 settings
Lan IP: 192.168.100.6
IPsec:
Remote Subnet: 192.168.102.0/24 Remote GateWay: xxx.xxx.xxx.xxx
Remote Subnet: 192.168.104.0/24 Remote GateWay: zzz.zzz.zzz.zzz
System: Static Routes
Destination network: 192.168.102.0/24 Gateway: 192.168.102.5
Destination network: 192.168.104.0/24 Gateway: 192.168.104.5
Office2 settings
Lan IP: 192.168.102.5
IPsec:
Remote Subnet: 192.168.100.0/24 Remote GateWay: yyy.yyy.yyy.yyy
System: Static Routes
Destination network: 192.168.104.0/24 Gateway: 192.168.100.6
Office4 settings
Lan IP: 192.168.104.5
IPsec:
Remote Subnet: 192.168.100.0/24 Remote GateWay: yyy.yyy.yyy.yyy
System: Static Routes
Destination network: 192.168.102.0/24 Gateway: 192.168.100.6
There is connectivity between Office1<=>Office2 and Office1<=>Office4.
But I can't get routing between Office2 and Office4 working.
If I ping from Office2 to Office4, trafshow shows pings going from the external IP to 192.168.104.5.
netstat -r in Office2 doesn't show the route I added (Destination network: 192.168.104.0/24 Gateway: 192.168.100.6), although it is listed in the web interface.
-
Don't you see the difference?
I deliberately wrote what should be in the static routes; look carefully at the gateway.
-
I changed the settings. Now they look like this:
Office1 settings
Lan IP: 192.168.100.6
IPsec:
Remote Subnet: 192.168.102.0/24 Remote GateWay: xxx.xxx.xxx.xxx
Remote Subnet: 192.168.104.0/24 Remote GateWay: zzz.zzz.zzz.zzz
System: Static Routes
Destination network: 192.168.102.0/24 Gateway: 192.168.102.5
Destination network: 192.168.104.0/24 Gateway: 192.168.104.5
Office2 settings
Lan IP: 192.168.102.5
IPsec:
Remote Subnet: 192.168.100.0/24 Remote GateWay: yyy.yyy.yyy.yyy
System: Static Routes
Destination network: 192.168.100.0/24 Gateway: 192.168.102.5
Destination network: 192.168.104.0/24 Gateway: 192.168.100.6
Office4 settings
Lan IP: 192.168.104.5
IPsec:
Remote Subnet: 192.168.100.0/24 Remote GateWay: yyy.yyy.yyy.yyy
System: Static Routes
Destination network: 192.168.100.0/24 Gateway: 192.168.104.5
Destination network: 192.168.102.0/24 Gateway: 192.168.100.6
Pings from Office2 to 192.168.168.104.5 don't go through. Error: Destination host unreachable
and errors in the logs:
Dec 22 14:21:12 kernel: arpresolve: can't allocate route for 192.168.100.6
Dec 22 14:21:12 kernel: arplookup 192.168.100.6 failed: host is not on local network
-
traceroute from Office2 to 192.168.100.6, 192.168.104.5
and in Office2, Office4:
System: Static Routes
Destination network: 192.168.0.0/16 Gateway: LAN IP
-
Traceroute from PF
traceroute 192.168.100.4
traceroute to 192.168.100.4 (192.168.100.4), 64 hops max, 40 byte packets
1 dprouter (192.168.102.5) 0.679 ms 0.584 ms 0.498 ms
2 * * *
3 192.168.100.4 (192.168.100.4) 76.914 ms 57.086 ms 58.720 ms
traceroute 192.168.100.6
traceroute to 192.168.100.6 (192.168.100.6), 64 hops max, 40 byte packets
1 dprouter (192.168.102.5) 0.655 ms 0.607 ms 0.450 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 *^C
traceroute 192.168.104.5
traceroute to 192.168.104.5 (192.168.104.5), 64 hops max, 40 byte packets
traceroute: sendto: Invalid argument
1 traceroute: wrote 192.168.104.5 40 chars, ret=-1
*traceroute: sendto: Invalid argument
Traceroute from the Office2 network
C:>tracert 192.168.100.6
Трассировка маршрута к 192.168.100.6 с максимальным числом прыжков 30
1 1 ms 1 ms 1 ms 192.168.102.5
2 56 ms 55 ms 55 ms 192.168.100.6
Трассировка завершена.
C:>tracert 192.168.104.5
Трассировка маршрута к 192.168.104.5 с максимальным числом прыжков 30
1 1 ms 1 ms 1 ms 192.168.102.5
2 192.168.102.5 сообщает: Заданный узел недоступен.
Трассировка завершена.
C:>ping 192.168.104.5 /n 500
Обмен пакетами с 192.168.104.5 по с 32 байт данных:
Ответ от 192.168.102.5: Заданный узел недоступен.
-
No way.
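The symptom in this thread (Office2 to Office4 pings leaving via the external IP in cleartext, and a static route to the non-local gateway 192.168.100.6 failing with arpresolve) follows from how policy-based IPsec works: a gateway encrypts only packets that match a phase-2 selector (local subnet, remote subnet), and everything else takes the ordinary routing table, so static routes cannot steer traffic into the tunnel. The Python model below is an added example, not code from the thread or from pfSense; the addresses are the thread's, while the SPD tables and the `add_spoke_policy` helper are assumptions about what a hub-and-spoke design through Office1 needs.

```python
import ipaddress

# Constructed model of the thread's topology. Phase-2 selectors are
# (local subnet, remote subnet) pairs per gateway; an assumption based on
# the Remote Subnet entries the poster listed, not copied from a device.
SPD = {
    "Office1": [("192.168.100.0/24", "192.168.102.0/24"),
                ("192.168.100.0/24", "192.168.104.0/24")],
    "Office2": [("192.168.102.0/24", "192.168.100.0/24")],
    "Office4": [("192.168.104.0/24", "192.168.100.0/24")],
}
LAN = {"Office1": "192.168.100.0/24", "Office2": "192.168.102.0/24",
       "Office4": "192.168.104.0/24"}

def classify(site, src, dst, spd=SPD):
    """How the site's gateway forwards a src->dst packet.

    'lan'     - destination is on the gateway's own LAN
    'ipsec'   - matches a phase-2 selector, leaves encrypted
    'default' - no selector and no local route: follows the default
                route in cleartext (what trafshow showed in the thread)
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if d in ipaddress.ip_network(LAN[site]):
        return "lan"
    for local, remote in spd.get(site, []):
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return "ipsec"
    return "default"

def add_spoke_policy(spd, hub, a, b):
    """Return a copy of spd with the selectors a hub-and-spoke design needs
    so spoke a <-> spoke b traffic rides the existing tunnels via the hub.
    The hub needs both directions because it re-encrypts toward the far spoke."""
    new = {k: list(v) for k, v in spd.items()}
    new[a].append((LAN[a], LAN[b]))
    new[b].append((LAN[b], LAN[a]))
    new[hub].append((LAN[a], LAN[b]))
    new[hub].append((LAN[b], LAN[a]))
    return new

if __name__ == "__main__":
    print(classify("Office2", "192.168.102.10", "192.168.100.6"))   # ipsec
    print(classify("Office2", "192.168.102.10", "192.168.104.5"))   # default
    fixed = add_spoke_policy(SPD, "Office1", "Office2", "Office4")
    print(classify("Office2", "192.168.102.10", "192.168.104.5", fixed))  # ipsec
    print(classify("Office1", "192.168.102.10", "192.168.104.5", fixed))  # ipsec
```

Any flow that classifies as `default` toward a private destination is the cleartext leak the poster saw in trafshow; on a real firewall the same check is a block-and-log rule on WAN for RFC 1918 destinations.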