Проверка IP связности

1.    Проверьте, что с криптошлюзов Hub1 и Spoke1 по ICMP доступны их соответствующие шлюзы по умолчанию (Hub1_Router и Spoke1_Router). Для этого выполните команду ping из cisco-like консоли криптошлюзов.

Hub1#ping 100.100.100.1

PING 100.100.100.1 (100.100.100.1) 100(128) bytes of data.

108 bytes from 100.100.100.1: icmp_seq=1 ttl=64 time=0.151 ms

108 bytes from 100.100.100.1: icmp_seq=2 ttl=64 time=0.271 ms

108 bytes from 100.100.100.1: icmp_seq=3 ttl=64 time=0.262 ms

108 bytes from 100.100.100.1: icmp_seq=4 ttl=64 time=0.275 ms

108 bytes from 100.100.100.1: icmp_seq=5 ttl=64 time=0.282 ms

 

--- 100.100.100.1 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4077ms

rtt min/avg/max/mdev = 0.151/0.248/0.282/0.050 ms

Spoke1#ping 100.100.1.1

PING 100.100.1.1 (100.100.1.1) 100(128) bytes of data.

108 bytes from 100.100.1.1: icmp_seq=1 ttl=64 time=0.159 ms

108 bytes from 100.100.1.1: icmp_seq=2 ttl=64 time=0.210 ms

108 bytes from 100.100.1.1: icmp_seq=3 ttl=64 time=0.200 ms

108 bytes from 100.100.1.1: icmp_seq=4 ttl=64 time=0.224 ms

108 bytes from 100.100.1.1: icmp_seq=5 ttl=64 time=0.208 ms

 

--- 100.100.1.1 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4074ms

rtt min/avg/max/mdev = 0.159/0.200/0.224/0.023 ms

Видно, что соответствующие шлюзы по умолчанию доступны по ICMP.

2.    Проверьте, что с криптошлюзов Hub1 и Spoke1 по ICMP есть доступ в Интернет (в данном сценарии – устройство Router1). Для этого выполните команду ping из cisco-like консоли криптошлюзов на IP адрес 172.16.101.15 (адрес сервера распространения СОС).

Hub1#ping 172.16.101.15

Hub1#ping 172.16.101.15

PING 172.16.101.15 (172.16.101.15) 100(128) bytes of data.

108 bytes from 172.16.101.15: icmp_seq=1 ttl=63 time=0.343 ms

108 bytes from 172.16.101.15: icmp_seq=2 ttl=63 time=0.468 ms

108 bytes from 172.16.101.15: icmp_seq=3 ttl=63 time=0.352 ms

108 bytes from 172.16.101.15: icmp_seq=4 ttl=63 time=0.361 ms

108 bytes from 172.16.101.15: icmp_seq=5 ttl=63 time=0.411 ms

 

--- 172.16.101.15 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4103ms

rtt min/avg/max/mdev = 0.343/0.387/0.468/0.046 ms

Spoke1#ping 172.16.101.15

PING 172.16.101.15 (172.16.101.15) 100(128) bytes of data.

108 bytes from 172.16.101.15: icmp_seq=1 ttl=63 time=0.324 ms

108 bytes from 172.16.101.15: icmp_seq=2 ttl=63 time=0.460 ms

108 bytes from 172.16.101.15: icmp_seq=3 ttl=63 time=0.278 ms

108 bytes from 172.16.101.15: icmp_seq=4 ttl=63 time=0.496 ms

108 bytes from 172.16.101.15: icmp_seq=5 ttl=63 time=0.493 ms

 

--- 172.16.101.15 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4074ms

rtt min/avg/max/mdev = 0.278/0.410/0.496/0.092 ms

            Видно, что есть доступ в Интернет с обоих криптошлюзов по ICMP.

3.    Проверьте, что с защищаемых устройств Host_behind_spoke1 и Host_behind_hub1 доступен по ICMP соответствующий криптошлюз, который является шлюзом по умолчанию. Для этого выполните команду ping из linux bash консоли защищаемых устройств.

root@Host_b_hub1:~# ping 192.168.100.1 -c 5

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.

64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=0.211 ms

64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.235 ms

64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.223 ms

64 bytes from 192.168.100.1: icmp_seq=4 ttl=64 time=0.254 ms

64 bytes from 192.168.100.1: icmp_seq=5 ttl=64 time=0.233 ms

 

--- 192.168.100.1 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4088ms

rtt min/avg/max/mdev = 0.211/0.231/0.254/0.017 ms

root@Host_b_spoke1:~# ping 192.168.1.1 -c 5

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.

64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.214 ms

64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.223 ms

64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.189 ms

64 bytes from 192.168.1.1: icmp_seq=4 ttl=64 time=0.210 ms

64 bytes from 192.168.1.1: icmp_seq=5 ttl=64 time=0.212 ms

 

--- 192.168.1.1 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4083ms

rtt min/avg/max/mdev = 0.189/0.209/0.223/0.019 ms

Видно, что с защищаемых устройств Host_behind_spoke1 и Host_behind_hub1 соответствующие криптошлюзы доступны по ICMP.

4.    Проверьте, что с криптошлюза Spoke1 доступен по ICMP маршрутизатор Hub1_Router (по внешним интерфейсам). Для этого выполните команду ping из cisco-like консоли криптошлюзов.

Spoke1#ping 172.16.100.2

PING 172.16.100.2 (172.16.100.2) 100(128) bytes of data.

108 bytes from 172.16.100.2: icmp_seq=1 ttl=62 time=0.570 ms

108 bytes from 172.16.100.2: icmp_seq=2 ttl=62 time=0.657 ms

108 bytes from 172.16.100.2: icmp_seq=3 ttl=62 time=0.549 ms

108 bytes from 172.16.100.2: icmp_seq=4 ttl=62 time=0.586 ms

108 bytes from 172.16.100.2: icmp_seq=5 ttl=62 time=0.620 ms

 

--- 172.16.100.2 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4075ms

rtt min/avg/max/mdev = 0.549/0.596/0.657/0.043 ms

Видно, что с криптошлюза Spoke1 доступен по ICMP маршрутизатор Hub1_Router.