xrcd2 網路小頑童: 2月 2023

Reference URL

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/vpns/site-to-site-vpn-quick-configs/site-to-site-vpn-with-ospf

https://www.gns3network.com/how-to-setup-ipsec-tunnel-between-palo-alto-and-fortigate-firewall/

MyLab PA SSH CLI History

admin@PA-VM>

admin@PA-VM> ping source 192.168.1.2 host 192.168.1.1

PING 192.168.1.1 (192.168.1.1) from 192.168.1.2 : 56(84) bytes of data.

64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=4.33 ms

64 bytes from 192.168.1.1: icmp_seq=2 ttl=255 time=1.65 ms

64 bytes from 192.168.1.1: icmp_seq=3 ttl=255 time=2.19 ms

--- 192.168.1.1 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2003ms

rtt min/avg/max/mdev = 1.650/2.726/4.331/1.156 ms

admin@PA-VM>

admin@PA-VM> ping source 192.168.144.1 host 210.10.1.1

PING 210.10.1.1 (210.10.1.1) from 192.168.144.1 : 56(84) bytes of data.

64 bytes from 210.10.1.1: icmp_seq=1 ttl=254 time=1.99 ms

64 bytes from 210.10.1.1: icmp_seq=2 ttl=254 time=2.16 ms

--- 210.10.1.1 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1001ms

rtt min/avg/max/mdev = 1.990/2.076/2.162/0.086 ms

admin@PA-VM> ping source 192.168.144.1 host 192.168.100.10

PING 192.168.100.10 (192.168.100.10) from 192.168.144.1 : 56(84) bytes of data.

64 bytes from 192.168.100.10: icmp_seq=1 ttl=63 time=3.61 ms

64 bytes from 192.168.100.10: icmp_seq=2 ttl=63 time=1.45 ms

64 bytes from 192.168.100.10: icmp_seq=3 ttl=63 time=1.89 ms

--- 192.168.100.10 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2002ms

rtt min/avg/max/mdev = 1.457/2.322/3.615/0.931 ms

admin@PA-VM> traceroute source 192.168.144.1 host 192.168.100.10

traceroute to 192.168.100.10 (192.168.100.10), 30 hops max, 60 byte packets

1 192.168.1.1 (192.168.1.1) 2.249 ms 2.255 ms 3.625 ms

2 192.168.100.10 (192.168.100.10) 3.573 ms 3.596 ms 3.594 ms

admin@PA-VM> show routing protocol ospf neighbor

Options: 0x80:reserved, O:Opaq-LSA capability, DC:demand circuits, EA:Ext-Attr LSA capability,

N/P:NSSA option, MC:multicase, E:AS external LSA capability, T:TOS capability

==========

virtual router: default

neighbor address: 192.168.1.1

local address binding: 0.0.0.0

type: dynamic

status: exchange start

neighbor router ID: 192.168.1.1

area id: 0.0.0.0

neighbor priority: 1

lifetime remain: 32

messages pending: 0

LSA request pending: 0

options: 0x00

hello suppressed: no

restart helper status: not helping

restart helper time remaining: 0

restart helper exit reason: none

admin@PA-VM> show routing protocol ospf summary

==========

router id: 192.168.1.2

virtual router: default

reject default route: yes

redist default route: block

spf calculation delay (sec): 5.00

LSA interval timer (sec): 5.00

RFC1583 behavior: no

area border router: no

AS border router: yes

LS type 5 count: 0

LS type 11 count: 0

LS sent count: 6

LS recv count: 0

area id: 0.0.0.0

interface: 192.168.1.2

interface: 192.168.144.1

dynamic neighbors:

IP 192.168.1.1 ID 192.168.1.1

admin@PA-VM> show routing protocol ospf neighbor

Options: 0x80:reserved, O:Opaq-LSA capability, DC:demand circuits, EA:Ext-Attr LSA capability,

N/P:NSSA option, MC:multicase, E:AS external LSA capability, T:TOS capability

==========

virtual router: default

neighbor address: 192.168.1.1

local address binding: 0.0.0.0

type: dynamic

status: exchange start

neighbor router ID: 192.168.1.1

area id: 0.0.0.0

neighbor priority: 1

lifetime remain: 32

messages pending: 0

LSA request pending: 0

options: 0x00

hello suppressed: no

restart helper status: not helping

restart helper time remaining: 0

restart helper exit reason: none

admin@PA-VM> show routing route

flags: A:active, ?:loose, C:connect, H:host, S:static, ~:internal, R:rip, O:ospf, B:bgp,

Oi:ospf intra-area, Oo:ospf inter-area, O1:ospf ext-type-1, O2:ospf ext-type-2, E:ecmp, M:multicast

VIRTUAL ROUTER: default (id 1)

==========

destination nexthop metric flags age interface next-AS

0.0.0.0/0 68.10.1.30 10 A S ethernet1/1

68.10.1.0/27 68.10.1.1 0 A C ethernet1/1

68.10.1.1/32 0.0.0.0 0 A H

192.168.1.0/24 0.0.0.0 10 A S tunnel.1

192.168.1.0/30 0.0.0.0 10 Oi 1402 tunnel.1

192.168.1.0/30 192.168.1.2 0 A C tunnel.1

192.168.1.2/32 0.0.0.0 0 A H

192.168.100.0/24 0.0.0.0 10 A S tunnel.1

192.168.144.0/24 0.0.0.0 10 Oi 1402 ethernet1/2

192.168.144.0/24 192.168.144.1 0 A C ethernet1/2

192.168.144.1/32 0.0.0.0 0 A H

total routes shown: 11

admin@PA-VM>

admin@PA-VM> show routing route

flags: A:active, ?:loose, C:connect, H:host, S:static, ~:internal, R:rip, O:ospf, B:bgp,

Oi:ospf intra-area, Oo:ospf inter-area, O1:ospf ext-type-1, O2:ospf ext-type-2, E:ecmp, M:multicast

VIRTUAL ROUTER: default (id 1)

==========

destination nexthop metric flags age interface next-AS

0.0.0.0/0 68.10.1.30 10 A S ethernet1/1

68.10.1.0/27 68.10.1.1 0 A C ethernet1/1

68.10.1.1/32 0.0.0.0 0 A H

110.10.1.0/27 192.168.1.1 10 A O2 29 tunnel.1

192.168.1.0/24 0.0.0.0 1 A ~

192.168.1.0/30 0.0.0.0 10 S tunnel.1

192.168.1.0/30 0.0.0.0 10 Oi 546 tunnel.1

192.168.1.0/30 192.168.1.2 0 A C tunnel.1

192.168.1.1/32 192.168.1.1 10 A Oi 29 tunnel.1

192.168.1.2/32 0.0.0.0 0 A H

192.168.100.0/24 0.0.0.0 10 A S tunnel.1

192.168.100.0/24 192.168.1.1 11 Oi 29 tunnel.1

192.168.144.0/24 0.0.0.0 1 ~

192.168.144.0/24 0.0.0.0 10 Oi 546 ethernet1/2

192.168.144.0/24 192.168.144.1 0 A C ethernet1/2

192.168.144.1/32 0.0.0.0 0 A H

210.10.1.0/27 192.168.1.1 10 A O2 29 tunnel.1

total routes shown: 17

admin@PA-VM>

xrcd2 網路小頑童

2023年2月27日星期一

OSPF over IPsec for PaloAlto and FortiGate Firewall

2023年2月26日星期日

OSPF over IPsec for network redundancy ( FortiGate Firewall )

2023年2月27日 星期一

OSPF over IPsec for PaloAlto and FortiGate Firewall

2023年2月26日 星期日

OSPF over IPsec for network redundancy ( FortiGate Firewall )

2023年2月27日星期一

2023年2月26日星期日