Saturday, January 27, 2024

IPsec VPN between MOXA EDR-810 & Cisco Routers

Test Platform:
MOXA EDR-810
Cisco CSR1000v

Topology:


MOXA EDR-810 Config:

Cisco CSR1000v Config:
! Phase 1 (IKEv1/ISAKMP): must match the EDR-810's IKE proposal
crypto isakmp policy 1
 encr aes
 hash sha256
 authentication pre-share
 group 2
crypto isakmp key moxa address 10.0.0.1
!
! Phase 2 (IPsec) transform set, tunnel mode
crypto ipsec transform-set myset esp-aes esp-sha256-hmac
 mode tunnel
!
! Crypto map: peer, transform set and interesting traffic (ACL 100)
crypto map mymap 1 ipsec-isakmp
 set peer 10.0.0.1
 set transform-set myset
 match address 100
!
! Interesting traffic: LAN behind the CSR1000v to LAN behind the EDR-810
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! WAN interface facing the EDR-810, crypto map applied here
interface GigabitEthernet1
 ip address 10.0.0.2 255.255.255.0
 crypto map mymap
 no shutdown
!
! LAN interface (Test PC2 side)
interface GigabitEthernet2
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.0.0.254
!

After a ping from Test PC1 to Test PC2 succeeds, check the IPsec status on both sides:

MOXA EDR-810 IPsec Status:

Cisco CSR1000v IPsec Status:
Cisco#show crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
10.0.0.2        10.0.0.1        QM_IDLE           1646 ACTIVE

IPv6 Crypto ISAKMP SA

Cisco#
Cisco#show crypto ipsec sa

interface: GigabitEthernet1
    Crypto map tag: mymap, local addr 10.0.0.2

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
   current_peer 10.0.0.1 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 369, #pkts encrypt: 369, #pkts digest: 369
    #pkts decaps: 584, #pkts decrypt: 584, #pkts verify: 584
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 10.0.0.2, remote crypto endpt.: 10.0.0.1
     plaintext mtu 1438, path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet1
     current outbound spi: 0xEF8430B0(4018417840)
     PFS (Y/N): N, DH group: none

     inbound esp sas:
      spi: 0xA89A0270(2828665456)
        transform: esp-aes esp-sha256-hmac ,
        in use settings ={Tunnel, }
        conn id: 3019, flow_id: CSR:1019, sibling_flags FFFFFFFF80000048, crypto map: mymap
        sa timing: remaining key lifetime (k/sec): (4607991/3332)
        IV size: 16 bytes
        replay detection support: Y
        ecn bit support: N status: off
        Status: ACTIVE(ACTIVE)

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0xEF8430B0(4018417840)
        transform: esp-aes esp-sha256-hmac ,
        in use settings ={Tunnel, }
        conn id: 3020, flow_id: CSR:1020, sibling_flags FFFFFFFF80000048, crypto map: mymap
        sa timing: remaining key lifetime (k/sec): (4607995/3332)
        IV size: 16 bytes
        replay detection support: Y
        ecn bit support: N status: off
        Status: ACTIVE(ACTIVE)

     outbound ah sas:

     outbound pcp sas:
Cisco#
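An added check, not part of the original post and not MOXA or Cisco code: it audits the phase-1 policy above for a sub-2048-bit DH group (the config uses group 2) and parses the ESP SA section of the `show crypto ipsec sa` output to confirm both SAs are active, replay-protected and carrying the configured transform set; it also reports the `PFS (Y/N): N` shown in the output. `CONFIG` and `SA_OUTPUT` are trimmed copies of the page's own config and output, embedded as constructed samples.

```python
import re
# Constructed sample: the phase-1 policy and transform set from the page's Cisco
# config, plus the ESP SA section of its "show crypto ipsec sa", both trimmed.
CONFIG = """\
crypto isakmp policy 1
 hash sha256
 authentication pre-share
 group 2
crypto ipsec transform-set myset esp-aes esp-sha256-hmac
"""
SA_OUTPUT = """\
     PFS (Y/N): N, DH group: none
     inbound esp sas:
      spi: 0xA89A0270(2828665456)
        transform: esp-aes esp-sha256-hmac ,
        replay detection support: Y
        Status: ACTIVE(ACTIVE)
     outbound esp sas:
      spi: 0xEF8430B0(4018417840)
        transform: esp-aes esp-sha256-hmac ,
        replay detection support: Y
        Status: ACTIVE(ACTIVE)
"""
WEAK_DH = {"1": 768, "2": 1024, "5": 1536}  # MODP groups under 2048 bits

def audit_isakmp_policy(config):
    """Return findings for the phase-1 policy (here: a sub-2048-bit DH group)."""
    findings = []
    m = re.search(r"^ group (\d+)$", config, re.M)
    if m and m.group(1) in WEAK_DH:
        findings.append(f"DH group {m.group(1)} is {WEAK_DH[m.group(1)]}-bit MODP")
    return findings

def parse_esp_sas(output):
    """Return {'pfs': bool, 'inbound': {...}, 'outbound': {...}} from the show output."""
    sas = {"pfs": bool(re.search(r"PFS \(Y/N\): Y", output))}
    parts = re.split(r"^\s+(inbound|outbound) esp sas:\n", output, flags=re.M)
    for direction, block in zip(parts[1::2], parts[2::2]):  # (header, body) pairs
        sas[direction] = {
            "spi": int(re.search(r"spi: (0x[0-9A-Fa-f]+)", block).group(1), 16),
            "transform": re.search(r"transform: (.+?) ,", block).group(1),
            "replay": "replay detection support: Y" in block,
            "active": "Status: ACTIVE" in block}
    return sas

def tunnel_healthy(sas, config):
    """Both ESP SAs present, active, replay-protected and using the configured transform set."""
    want = re.search(r"^crypto ipsec transform-set \S+ (.+)$", config, re.M).group(1)
    return all(d in sas and sas[d]["active"] and sas[d]["replay"]
               and sas[d]["transform"] == want for d in ("inbound", "outbound"))
```

Run it against a live `show running-config` and `show crypto ipsec sa` capture to get the same checks on a production tunnel; an empty findings list and `tunnel_healthy(...) == True` is the expected result for a hardened configuration.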