\n \u25a0 MTU <\/span><\/span>
#sh int tu1
Tunnel1 is up, line protocol is up
Hardware is Tunnel
Internet address is 192.168.48.234\/29
MTU 17862 bytes, BW 100 Kbit\/sec, DLY 50000 usec,
reliability 255\/255, txload 1\/255, rxload 1\/255
Encapsulation TUNNEL, loopback not set
Keepalive set (5 sec), retries 3
Tunnel linestate evaluation up
Tunnel source 192.168.1.2 (Vlan100), destination 52.196.175.0
Tunnel Subblocks:
src-track:
Tunnel1 source tracking subblock associated with Vlan100
Set of tunnels with source Vlan100, 1 member (includes iterators), on interface <OK>
Tunnel protocol\/transport IPSEC\/IP<\/b><\/span>
Tunnel TTL 255
Tunnel transport MTU 1422<\/b><\/span> bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Tunnel protection via IPSec (profile “VTI”)
Last input 19:27:49, output 18:54:11, output hang never
Last clearing of “show interface” counters 3d17h
Input queue: 0\/75\/0\/0 (size\/max\/drops\/flushes); Total output drops: 330
Queueing strategy: fifo
Output queue: 0\/0 (size\/max)
5 minute input rate 0 bits\/sec, 0 packets\/sec
5 minute output rate 0 bits\/sec, 0 packets\/sec
12728 packets input, 1119256 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
68893 packets output, 4199880 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out<\/span> permit ip host 172.16.1.1 host 172.16.1.2<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\u4ee5\u4e0b, Config\u629c\u7c8b\u3002<\/p>\n <\/p>\n \n\n\n\u25a0 Cisco \u629c\u7c8b<\/span><\/span>
!<\/span>
crypto isakmp policy 5<\/span>
encr aes 256<\/span>
hash sha256<\/span>
authentication pre-share<\/span>
group 14<\/span>
lifetime 3600<\/span>
crypto isakmp key aws address A.A.A.A 255.255.255.255<\/span>
crypto isakmp keepalive 30 30<\/span>
!<\/span>
!<\/span>
crypto ipsec transform-set IPSEC esp-aes 256 esp-sha256-hmac <\/span>
mode tunnel<\/span>
!
crypto ipsec profile VTI
set transform-set IPSEC
set pfs group14<\/span>
!<\/span>
!<\/span>
!<\/span>
interface Tunnel1<\/span>
ip address 192.168.254.1 255.255.255.0<\/span>
ip mtu 1422 <\/strike> ! \u2190 \u3044\u3089\u306a\u3044\u304b\u3082\u3002 \u4e0d\u8981\u3067\u3057\u305f\u3002 \u203b<\/span>
ip ospf network broadcast<\/span>
ip ospf hello-interval 5<\/span>
keepalive 5 3<\/span>
tunnel source Vlan100
tunnel mode ipsec ipv4
tunnel destination A.A.A.A
tunnel protection ipsec profile VTI<\/span>
!<\/span>
interface Vlan100<\/span>
ip address 192.168.1.2 255.255.255.0<\/span><\/span>
ip virtual-reassembly in<\/span><\/span>
!<\/span><\/span>
!<\/span><\/span>
!<\/span><\/span>
router ospf 1<\/span>
network 192.168.10.0 0.0.0.255 area 0<\/span>
network 192.168.254.0 0.0.0.255 area 0<\/span>
!<\/span>
!<\/span>
ip access-list extended AWS_GRE<\/span>
!<\/span>
permit ip host 172.16.1.1 host 172.16.1.2<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\u203b VTI\u306fMTU\u3092\u81ea\u52d5\u8a08\u7b97\u3059\u308b\u304b\u3089\u8a2d\u5b9a\u306f\u4e0d\u8981\uff08Cisco\u306e\u30da\u30fc\u30b8\u53c2\u7167<\/a>\uff09<\/span><\/p>\n\n\n\n\u25a0 Vyos \u629c\u7c8b<\/span>
set interfaces loopback lo address ‘172.16.1.2\/32’<\/span>
set interfaces vti vti1 address ‘192.168.48.233\/29’
set interfaces vti vti1 ip ospf dead-interval ’20’
set interfaces vti vti1 ip ospf hello-interval ‘5’
set interfaces vti vti1 ip ospf network ‘broadcast’
set interfaces vti vti1 ip ospf priority ‘1’
set interfaces vti vti1 ip ospf retransmit-interval ‘5’
set interfaces vti vti1 ip ospf transmit-delay ‘1’
set interfaces vti vti1 mtu ‘1422’<\/span> <\/span>
set protocols ospf area 0 network ‘192.168.254.0\/24’<\/span>
set protocols ospf area 0 network ‘10.10.20.0\/24′<\/span><\/span>
set protocols ospf log-adjacency-changes ‘detail’<\/span>
set protocols static route 0.0.0.0\/0 next-hop 10.10.10.1 distance ‘1’<\/span>
—-<\/span>
set vpn ipsec esp-group ESP_AWS compression ‘disable’<\/span>
set vpn ipsec esp-group ESP_AWS lifetime ‘3600’<\/span>
set vpn ipsec esp-group ESP_AWS mode ‘tunnel’<\/span>
set vpn ipsec esp-group ESP_AWS pfs ‘enable’<\/span>
set vpn ipsec esp-group ESP_AWS proposal 1 encryption ‘aes256’<\/span>
set vpn ipsec esp-group ESP_AWS proposal 1 hash ‘sha256’<\/span>
set vpn ipsec ike-group IKE_AWS dead-peer-detection action ‘hold’<\/span>
set vpn ipsec ike-group IKE_AWS dead-peer-detection interval ’30’<\/span>
set vpn ipsec ike-group IKE_AWS dead-peer-detection timeout ‘120’<\/span>
set vpn ipsec ike-group IKE_AWS lifetime ‘3600’<\/span>
set vpn ipsec ike-group IKE_AWS proposal 1 dh-group ’14’<\/span>
set vpn ipsec ike-group IKE_AWS proposal 1 encryption ‘aes256’<\/span>
set vpn ipsec ike-group IKE_AWS proposal 1 hash ‘sha256’<\/span>
set vpn ipsec ipsec-interfaces interface ‘eth0’<\/span>
set vpn ipsec logging log-modes ‘all’<\/span>
set vpn ipsec nat-traversal ‘enable’<\/span>
set vpn ipsec site-to-site peer Global IP authentication mode ‘pre-shared-secret’
set vpn ipsec site-to-site peer Global IP authentication pre-shared-secret ‘aws’
set vpn ipsec site-to-site peer Global IP authentication remote-id ‘192.168.1.2’
set vpn ipsec site-to-site peer Global IP connection-type ‘respond’
set vpn ipsec site-to-site peer Global IP ike-group ‘IKE_BB’
set vpn ipsec site-to-site peer Global IP ikev2-reauth ‘inherit’
set vpn ipsec site-to-site peer Global IP local-address ‘10.200.10.50’
set vpn ipsec site-to-site peer Global IP vti bind ‘vti1’
set vpn ipsec site-to-site peer Global IP vti esp-group ‘ESP_BB’<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\u30c8\u30f3\u30cd\u30eb\u5f35\u3063\u305f\u5f8c\u306b, \u300cOSPF\u3067\u30cd\u30a4\u30d0\u30fc\u304c\u30fc\u30fc\u30fc\u300d\u3063\u3066\u306a\u3063\u305f\u3051\u3069MTU\u30b5\u30a4\u30ba\u304c\u3042\u3063\u3066\u3044\u306a\u304b\u3063\u305f\u304b\u3089\u3002\u5408\u308f\u305b\u308c\u3070State Full\u306b\u306a\u308b\u3002<\/p>\n","protected":false},"excerpt":{"rendered":" VTI\u3067\u3082\u8a2d\u5b9a\u3057\u305f\u306e\u3067\u30e1\u30e2\u30fb\u30fb\u30fb\u3002 ACL\u3044\u3089\u306a\u3044\u3057, GRE\u5206\u306e\u30aa\u30fc\u30d0\u30fc\u30d8\u30c3\u30c9(24\u30d0\u30a4\u30c8)\u3082\u6e1b\u308b\u3057\u3053\u3063\u3061\u306e\u307b\u3046\u304c\u306a\u3093\u304b\u3044\u3044\u304b\u3082\u3002# IP\u4ee5\u5916\u306e\u30d7\u30ed\u30c8\u30b3\u30eb\u306a\u3093\u3066\u3042\u3093\u307e\u4f7f\u308f\u306a\u3044\u3057\u306a\u3002 \u25a0 MTU #sh in\u2026 \u7d9a\u304d\u3092\u8aad\u3080 »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[54,11,15,8],"tags":[],"class_list":["post-571","post","type-post","status-publish","format-standard","hentry","category-aws","category-cisco","category-network","category-8"],"_links":{"self":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/571","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=571"}],"version-history":[{"count":0,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=\/wp\/v2\/posts\/571\/revisions"}],"wp:attachment":[{"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=571"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=571"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.zassoul.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=571"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} | | |