Проверка IP связности

1.    Проверьте, что с криптошлюзов Hub1 и Spoke1 по ICMP доступен шлюз по умолчанию (Router1). Для этого выполните команду ping из cisco-like консоли криптошлюзов.

Hub1#ping 172.16.100.1

PING 172.16.100.1 (172.16.100.1) 100(128) bytes of data.

108 bytes from 172.16.100.1: icmp_seq=1 ttl=64 time=0.918 ms

108 bytes from 172.16.100.1: icmp_seq=2 ttl=64 time=0.250 ms

108 bytes from 172.16.100.1: icmp_seq=3 ttl=64 time=0.306 ms

108 bytes from 172.16.100.1: icmp_seq=4 ttl=64 time=0.225 ms

108 bytes from 172.16.100.1: icmp_seq=5 ttl=64 time=0.238 ms

 

--- 172.16.100.1 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4081ms

rtt min/avg/max/mdev = 0.225/0.387/0.918/0.267 ms

Spoke1#ping 172.16.1.1

PING 172.16.1.1 (172.16.1.1) 100(128) bytes of data.

108 bytes from 172.16.1.1: icmp_seq=1 ttl=64 time=0.771 ms

108 bytes from 172.16.1.1: icmp_seq=2 ttl=64 time=0.282 ms

108 bytes from 172.16.1.1: icmp_seq=3 ttl=64 time=0.276 ms

108 bytes from 172.16.1.1: icmp_seq=4 ttl=64 time=0.268 ms

108 bytes from 172.16.1.1: icmp_seq=5 ttl=64 time=0.244 ms

 

--- 172.16.1.1 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4096ms

rtt min/avg/max/mdev = 0.244/0.368/0.771/0.202 ms

Видно, что устройство Router1 доступно по ICMP как с Hub1, так и со Spoke1.

2.    Проверьте, что с криптошлюза Hub1 доступен по ICMP криптошлюз Spoke1 (по внешним интерфейсам). Для этого выполните команду ping из cisco-like консоли криптошлюзов.

Hub1#ping 172.16.1.2

PING 172.16.1.2 (172.16.1.2) 100(128) bytes of data.

108 bytes from 172.16.1.2: icmp_seq=1 ttl=63 time=0.802 ms

108 bytes from 172.16.1.2: icmp_seq=2 ttl=63 time=0.416 ms

108 bytes from 172.16.1.2: icmp_seq=3 ttl=63 time=0.449 ms

108 bytes from 172.16.1.2: icmp_seq=4 ttl=63 time=0.393 ms

108 bytes from 172.16.1.2: icmp_seq=5 ttl=63 time=0.485 ms

 

--- 172.16.1.2 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 4083ms

rtt min/avg/max/mdev = 0.393/0.509/0.802/0.149 ms

Видно, что с криптошлюза Hub1 доступен по ICMP криптошлюз Spoke1.

3.    Проверьте, что с защищаемых устройств host0-behind-hub1, host1-behind-hub1 доступны по ICMP IP адреса, заданные на интерфейсах коммутаторов (br0 и br1) криптошлюза Hub1. Для этого выполните команду ping из linux bash консоли защищаемых устройств.

root@host0-behind-hub1:~# ping 192.168.100.1 -c 5

PING 192.168.100.1 (192.168.100.1) 56(84) bytes of data.

64 bytes from 192.168.100.1: icmp_seq=1 ttl=64 time=2.78 ms

64 bytes from 192.168.100.1: icmp_seq=2 ttl=64 time=0.685 ms

64 bytes from 192.168.100.1: icmp_seq=3 ttl=64 time=0.667 ms

64 bytes from 192.168.100.1: icmp_seq=4 ttl=64 time=0.648 ms

64 bytes from 192.168.100.1: icmp_seq=5 ttl=64 time=0.720 ms

 

--- 192.168.100.1 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 11ms

rtt min/avg/max/mdev = 0.648/1.100/2.783/0.842 ms

root@host1-behind-hub1:~# ping 192.168.101.1 -c 5

PING 192.168.101.1 (192.168.101.1) 56(84) bytes of data.

64 bytes from 192.168.101.1: icmp_seq=1 ttl=64 time=1.90 ms

64 bytes from 192.168.101.1: icmp_seq=2 ttl=64 time=0.419 ms

64 bytes from 192.168.101.1: icmp_seq=3 ttl=64 time=0.403 ms

64 bytes from 192.168.101.1: icmp_seq=4 ttl=64 time=0.663 ms

64 bytes from 192.168.101.1: icmp_seq=5 ttl=64 time=0.608 ms

 

--- 192.168.101.1 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 11ms

rtt min/avg/max/mdev = 0.403/0.799/1.902/0.560 ms

Видно, что с устройств host0-behind-hub1, host1-behind-hub1 доступны по ICMP соответствующие IP адреса, заданные на интерфейсах коммутаторов (br0 и br1) криптошлюза Hub1.

4.    Проверьте, что с защищаемых устройств host0-behind-spoke1, host1-behind-spoke1 доступны по ICMP IP адреса, заданные на интерфейсах коммутаторов (br0 и br1) криптошлюза Spoke1. Для этого выполните команду ping из linux bash консоли защищаемых устройств.

root@host0-behind-spoke1:~# ping 192.168.100.2 -c 5

PING 192.168.100.2 (192.168.100.2) 56(84) bytes of data.

64 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=1.55 ms

64 bytes from 192.168.100.2: icmp_seq=2 ttl=64 time=0.558 ms

64 bytes from 192.168.100.2: icmp_seq=3 ttl=64 time=0.585 ms

64 bytes from 192.168.100.2: icmp_seq=4 ttl=64 time=0.544 ms

64 bytes from 192.168.100.2: icmp_seq=5 ttl=64 time=0.546 ms

 

--- 192.168.100.2 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 11ms

rtt min/avg/max/mdev = 0.544/0.755/1.546/0.396 ms

root@host1-behind-spoke1:~# ping 192.168.101.2 -c 5

PING 192.168.101.2 (192.168.101.2) 56(84) bytes of data.

64 bytes from 192.168.101.2: icmp_seq=1 ttl=64 time=0.628 ms

64 bytes from 192.168.101.2: icmp_seq=2 ttl=64 time=0.501 ms

64 bytes from 192.168.101.2: icmp_seq=3 ttl=64 time=0.583 ms

64 bytes from 192.168.101.2: icmp_seq=4 ttl=64 time=0.719 ms

64 bytes from 192.168.101.2: icmp_seq=5 ttl=64 time=0.674 ms

 

--- 192.168.101.2 ping statistics ---

5 packets transmitted, 5 received, 0% packet loss, time 11ms

rtt min/avg/max/mdev = 0.501/0.621/0.719/0.075 ms

Видно, что с устройств host0-behind-spoke1, host1-behind-spoke1 доступны по ICMP соответствующие IP адреса, заданные на интерфейсах коммутаторов (br0 и br1) криптошлюза Spoke1.