So please use it as the reference.
The packet capture can be downloaded from here.
The flow looks like the following when I ping from R1's Loopback to R3's Loopback for the first time.
The first 6 packets belong to IKE Phase 1 Main Mode, the next 3 packets to IKE Phase 2 Quick Mode, and the following 8 packets are the ICMP traffic from the ping, which is the actual data. There are 8 packets because they are the sent requests and received replies of 4 complete ICMP pings; the 1st ping is dropped, as you can see.
If you analyse the first 2 packets, you will see the parameters being negotiated from both ends.
In the 3rd and 4th packets you will find the DH keys being exchanged, along with nonces from both parties.
The 5th and 6th messages are encrypted with the generated keys, so their content will not be visible. They are used for identification and authentication of each peer.
In fact, all of the later packets are encrypted, so you won't find much information in the packet capture.
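The ISAKMP header of every IKE packet stays in cleartext, so the exchange type and the encryption flag can still be read even when the payload cannot. The following is an added example, not part of the original post: it decodes that header using the RFC 2408 layout and runs over nine constructed headers that mirror the flow described above (cookies, message ID and the helper names are made up for illustration).

```python
import struct
from collections import Counter

# ISAKMP fixed header (RFC 2408 section 3.1): 28 bytes, network byte order.
HDR = struct.Struct("!8s8sBBBBII")
EXCHANGE = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}
PAYLOAD = {1: "SA", 4: "KE", 5: "ID", 8: "HASH", 10: "NONCE"}
FLAG_ENCRYPTED = 0x01  # set when the payloads after the header are encrypted

def parse_isakmp(data):
    """Decode the cleartext ISAKMP header from a UDP/500 payload."""
    if len(data) < HDR.size:
        raise ValueError("truncated ISAKMP header")
    _ic, _rc, nxt, _ver, xchg, flags, msg_id, _length = HDR.unpack_from(data)
    return {
        "exchange": EXCHANGE.get(xchg, f"unknown({xchg})"),
        "first_payload": PAYLOAD.get(nxt, f"type {nxt}"),
        "encrypted": bool(flags & FLAG_ENCRYPTED),
        "message_id": msg_id,
    }

def summarize(packets):
    """Return per-packet header fields and a count of packets per exchange."""
    rows = [parse_isakmp(p) for p in packets]
    return rows, Counter(r["exchange"] for r in rows)

def _hdr(nxt, xchg, flags, msg_id, responder_known=True):
    # Constructed sample header only (no payload bytes); cookies are made up.
    rcookie = b"\x22" * 8 if responder_known else b"\x00" * 8
    return HDR.pack(b"\x11" * 8, rcookie, nxt, 0x10, xchg, flags, msg_id, HDR.size)

# Constructed headers mirroring the 9 IKE packets described above.
QM_ID = 0x5A5A5A5A  # Quick Mode uses a non-zero message ID; value is made up
SAMPLE = (
    [_hdr(1, 2, 0, 0, responder_known=False), _hdr(1, 2, 0, 0)]  # SA proposals
    + [_hdr(4, 2, 0, 0)] * 2                                     # KE + nonce
    + [_hdr(5, 2, FLAG_ENCRYPTED, 0)] * 2                        # ID/auth, encrypted
    + [_hdr(8, 32, FLAG_ENCRYPTED, QM_ID)] * 3                   # Quick Mode
)

if __name__ == "__main__":
    rows, counts = summarize(SAMPLE)
    for n, r in enumerate(rows, 1):
        print(n, r["exchange"], r["first_payload"],
              "encrypted" if r["encrypted"] else "cleartext")
    print(dict(counts))
```

To use it on a real capture, pass the UDP port 500 payload of each packet to parse_isakmp.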
Note:
When you run the command ping 3.3.3.3 and the outgoing interface is configured with a crypto map whose ACL matches the traffic, the destination address of the packet will be the peer address of the crypto map (192.168.23.3) in both Tunnel and Transport modes.