IPSec routing setup • Help me set up routing between offices.
  For example, there are three offices:
  1. Office1 ipnet 192.168.100.0/24
  2. Office2 ipnet 192.168.101.0/24
  3. Office3 ipnet 192.168.103.0/24
  IPSec is configured Office1<=>Office2 and Office1<=>Office3

  How do I set up routing between Office2 and Office3 without bringing up a tunnel between them? • On the gateway in Office3, add a static route to Office2 via Office1.
  On the gateway in Office2, add a static route to Office3 via Office1.

  On the gateway in Office1, add static routes to the Office2 and Office3 networks via the corresponding addresses.

  And, of course, in the firewall allow the corresponding networks on the LAN and IPSEC interfaces in each of the offices.

  Something like that :) • It doesn't work.
  Here is what happens:

  • all computers in the Office1 network can be pinged from Office2
  • I added a route from the office to Office3 (192.168.103.0/24) via Office1 (192.168.100.6)

  When analysing the packets, it turns out that the pings simply go to the external IP of Office2, i.e. out to the Internet!!! What's the problem? • Are there static routes in Office1?
  Where do they point?
  From Office2 and Office3 the gateway must be the LAN IP of Office1;
  accordingly, the networks in Office2 and Office3 must be reachable via their own LAN IP • But why then does netstat -r in Office2 not show the route I added??

  Internet:
  Destination        Gateway            Flags    Refs      Use  Netif Expire
  default            195.5.5.203        UGS        0  459251    ng0
  209-80-113-92.pool lo0                UHS        0        0    lo0
  localhost          localhost          UH          0        0    lo0
  192.168.102.0      link#1            UC          0        0    rl0
  195.5.5.203        209-80-113-92.pool UH          1    2940    ng0

  And when I changed the route for subnet 192.168.106.0.24 to IP 192.168.102.7, the route got installed.
  So it turns out it doesn't know where to bind the routing for Office1's IP 192.168.100.6.

  Although pings from the Office2 subnet do reach the Office1 subnet.


 • Write the addresses according to this scheme:
  Office1, LAN IP, LAN NET/MASK, IPSEC Remote subnet, IPSEC Remote gateway • Office1 - IP: 192.168.100.5, Net: 192.168.100.0/24, IPSec Remote Subnet 192.168.102.0/24 IPSec Remote GateWay xxx.xxx.xxx.xxx (external IP of Office2)
  Office2 - IP: 192.168.102.5, Net: 192.168.102.0/24, IPSec Remote Subnet 192.168.100.0/24 IPSec Remote GateWay yyy.yyy.yyy.yyy (external IP of Office1) • Office1 settings
  System: Static Routes
    Destination network: 192.168.102.0/24
    Gateway: 192.168.100.5

  Office2 settings
  System: Static Routes
    Destination network: 192.168.100.0/24
    Gateway: 192.168.102.5

  As I understand it, everything is open in the firewall? • Let me add:

  Office1 settings
  Lan IP: 192.168.100.6
  IPsec:
    Remote Subnet: 192.168.102.0/24  Remote GateWay: xxx.xxx.xxx.xxx
    Remote Subnet: 192.168.104.0/24  Remote GateWay: zzz.zzz.zzz.zzz
  System: Static Routes
    Destination network: 192.168.102.0/24  Gateway: 192.168.102.5
    Destination network: 192.168.104.0/24  Gateway: 192.168.104.5

  Office2 settings
    Lan IP: 192.168.102.5
  IPsec:
    Remote Subnet: 192.168.100.0/24  Remote GateWay: yyy.yyy.yyy.yyy
  System: Static Routes
    Destination network: 192.168.104.0/24  Gateway: 192.168.100.6

  Office4 settings
    Lan IP: 192.168.104.5
  IPsec:
    Remote Subnet: 192.168.100.0/24  Remote GateWay: yyy.yyy.yyy.yyy
  System: Static Routes
    Destination network: 192.168.102.0/24  Gateway: 192.168.100.6

  There is connectivity between Office1<=>Office2 and Office1<=>Office4.
  But I can't get routing between Office2 and Office4 to work.
  If I ping from Office2 to Office4, trafshow shows pings going from the external IP to 192.168.104.5.
  netstat -r in Office2 does not show the route I added, Destination network: 192.168.104.0/24  Gateway: 192.168.100.6, although it is listed in the web UI. • Don't you see the difference?
  I deliberately wrote what should be in the static routes; look carefully at the gateway • I changed the settings. Now they look like this:
  Office1 settings
  Lan IP: 192.168.100.6
  IPsec:
   Remote Subnet: 192.168.102.0/24  Remote GateWay: xxx.xxx.xxx.xxx
   Remote Subnet: 192.168.104.0/24  Remote GateWay: zzz.zzz.zzz.zzz
  System: Static Routes
   Destination network: 192.168.102.0/24  Gateway: 192.168.102.5
   Destination network: 192.168.104.0/24  Gateway: 192.168.104.5

  Office2 settings
   Lan IP: 192.168.102.5
  IPsec:
   Remote Subnet: 192.168.100.0/24  Remote GateWay: yyy.yyy.yyy.yyy
  System: Static Routes
   Destination network: 192.168.100.0/24  Gateway: 192.168.102.5
   Destination network: 192.168.104.0/24  Gateway: 192.168.100.6

  Office4 settings
   Lan IP: 192.168.104.5
  IPsec:
   Remote Subnet: 192.168.100.0/24  Remote GateWay: yyy.yyy.yyy.yyy
  System: Static Routes
   Destination network: 192.168.100.0/24  Gateway: 192.168.104.5
   Destination network: 192.168.102.0/24  Gateway: 192.168.100.6

  Pings from Office2 to 192.168.168.104.5 don't go through. Error - Destination host unreachable
  and errors in the logs:
  Dec 22 14:21:12 kernel: arpresolve: can't allocate route for 192.168.100.6
  Dec 22 14:21:12 kernel: arplookup 192.168.100.6 failed: host is not on local network • traceroute from Office2 to 192.168.100.6 and 192.168.104.5

  and in Office2, Office4:
  System: Static Routes
    Destination network: 192.168.0.0/16  Gateway: LAN IP • Traceroute from PF

  traceroute 192.168.100.4

  traceroute to 192.168.100.4 (192.168.100.4), 64 hops max, 40 byte packets
  1  dprouter (192.168.102.5)  0.679 ms  0.584 ms  0.498 ms
  2  * * *
  3  192.168.100.4 (192.168.100.4)  76.914 ms  57.086 ms  58.720 ms

  traceroute 192.168.100.6

  traceroute to 192.168.100.6 (192.168.100.6), 64 hops max, 40 byte packets
  1  dprouter (192.168.102.5)  0.655 ms  0.607 ms  0.450 ms
  2  * * *
  3  * * *
  4  * * *
  5  * * *
  6  *^C

  traceroute 192.168.104.5

  traceroute to 192.168.104.5 (192.168.104.5), 64 hops max, 40 byte packets
  traceroute: sendto: Invalid argument
  1 traceroute: wrote 192.168.104.5 40 chars, ret=-1
  *traceroute: sendto: Invalid argument

  Traceroute from the Office2 network
  C:>tracert 192.168.100.6
  Трассировка маршрута к 192.168.100.6 с максимальным числом прыжков 30
    1    1 ms    1 ms    1 ms  192.168.102.5
    2    56 ms    55 ms    55 ms  192.168.100.6
  Трассировка завершена.
  C:>tracert 192.168.104.5
  Трассировка маршрута к 192.168.104.5 с максимальным числом прыжков 30
    1    1 ms    1 ms    1 ms  192.168.102.5
    2  192.168.102.5  сообщает: Заданный узел недоступен.
  Трассировка завершена.
  C:>ping 192.168.104.5 /n 500
  Обмен пакетами с 192.168.104.5 по с 32 байт данных:
  Ответ от 192.168.102.5: Заданный узел недоступен. • No way.
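The three outcomes reported in this thread (pings leaving through the default route in plaintext, the kernel's arplookup failure for a next hop outside the local subnet, and "destination host unreachable" once the route points at the gateway's own LAN IP) can be reproduced with a small model of the Office2 gateway. This is an added example, not code from the thread; it assumes policy-based IPsec (traffic is encrypted only when it matches a phase-2 selector, everything else follows the routing table), and the host addresses, scenario labels and function names are mine.

```python
import ipaddress

# Constructed model of the Office2 gateway from the thread (names and the
# host addresses are mine): a LAN address, the IPsec phase-2 selectors
# (local subnet, remote subnet) and static routes (network, next hop).
# Assumption: policy-based IPsec, i.e. a packet is encrypted only when it
# matches a selector; everything else follows the routing table.
OFFICE2 = {
    "lan": "192.168.102.5/24",
    "ipsec": [("192.168.102.0/24", "192.168.100.0/24")],
    "routes": [],  # static routes, filled in per scenario below
}

def route_lookup(gw, dst):
    """Longest-prefix match over static routes; None means the default route."""
    dst, best = ipaddress.ip_address(dst), None
    for net, via in gw["routes"]:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None

def forward(gw, src, dst):
    """Classify what the gateway does with a LAN packet src -> dst."""
    lan = ipaddress.ip_interface(gw["lan"])
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # 1. SPD: a matching phase-2 selector wins over any static route.
    for local, remote in gw["ipsec"]:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return "ipsec"
    if d in lan.network:           # 2. directly connected host
        return "lan"
    via = route_lookup(gw, dst)
    if via is None:                # 3. default route: leaves unencrypted
        return "internet-plaintext"
    via = ipaddress.ip_address(via)
    if via == lan.ip:              # 4. next hop is our own LAN IP: ARP for d
        return "host-unreachable"  #    on the LAN, nobody answers
    if via not in lan.network:     # 5. next hop on no connected subnet
        return "arplookup-failed"
    return "via-" + str(via)

def scenarios(src="192.168.102.10", dst="192.168.104.5"):
    """The three states the thread went through for an Office2 host pinging Office4."""
    cases = {
        "no-route": [],  # route refused by the kernel, absent from netstat -r
        "via-office1-lan-ip": [("192.168.104.0/24", "192.168.100.6")],
        "via-own-lan-ip": [("192.168.0.0/16", "192.168.102.5")],
    }
    return {n: forward(dict(OFFICE2, routes=r), src, dst) for n, r in cases.items()}
```

The model makes the risk in the first state explicit: without a selector covering 192.168.104.0/24, nothing is ever encrypted for that destination, and the static route either leaks the packets to the Internet unencrypted or fails locally, which is what trafshow and the kernel log showed.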

