T*m
2 楼
千载人间寂寞,
三尺西窗寥廓。
谁伫望?绪无凭。
永夜之巅形魄。
姿绰,
犹若,
一半相思零落。
三尺西窗寥廓。
谁伫望?绪无凭。
永夜之巅形魄。
姿绰,
犹若,
一半相思零落。
i*n
3 楼
我无意中发现这个网页,在这个目录下,有很多珍贵的京剧资料可以很方便的下载,也
有一点昆曲的。他这个主要是比较好东西全,比较集中。仔细看,在底下的各个子目录
里有很多好东西。强烈推荐,链接如下:
http://iask.sina.com.cn/u/1441229524/ish?folderid=0
有一点昆曲的。他这个主要是比较好东西全,比较集中。仔细看,在底下的各个子目录
里有很多好东西。强烈推荐,链接如下:
http://iask.sina.com.cn/u/1441229524/ish?folderid=0
a*t
4 楼
虞美人。归期
此生恨是多情种,无故悲凉涌。
为情困惑为情痴,却怨秋风惹我起相思。
秋林咄咄寒鸦叫,细数归期到。
沈郎一去杳无音,许是烟萝柳絮绕君心?
此生恨是多情种,无故悲凉涌。
为情困惑为情痴,却怨秋风惹我起相思。
秋林咄咄寒鸦叫,细数归期到。
沈郎一去杳无音,许是烟萝柳絮绕君心?
x*n
5 楼
R1和R2,建立site to site VPN,
图一design,每一次customer要加新的private iP range,就要create IP accesslist。
现在我设计成图2.加了一个router,然后每一次加新的subnet,加到新的router上,然
后tunnel呢,仍然在原来的地方,只是每一个subnet都points to IPA 或者B上。
同事说这样不行,因为packet的source IP还是DEF。。。
我也不太确定,我觉得router A至少learn到了新的IP吧。
图一design,每一次customer要加新的private iP range,就要create IP accesslist。
现在我设计成图2.加了一个router,然后每一次加新的subnet,加到新的router上,然
后tunnel呢,仍然在原来的地方,只是每一个subnet都points to IPA 或者B上。
同事说这样不行,因为packet的source IP还是DEF。。。
我也不太确定,我觉得router A至少learn到了新的IP吧。
d*h
6 楼
想在coreldraw里面画上类似坐标轴一类的直线,直线上标上分隔的小短线将直线等分
。但是不知道怎么搞。
我现在的笨办法是先画上直线,然后再画上几条垂直的小短线,然后调整这些短线的位
置到直线的等分位置。这个办法太笨太费时间了,不知道有没有更好的办法。
非常感谢!祝各位大牛周末愉快!
。但是不知道怎么搞。
我现在的笨办法是先画上直线,然后再画上几条垂直的小短线,然后调整这些短线的位
置到直线的等分位置。这个办法太笨太费时间了,不知道有没有更好的办法。
非常感谢!祝各位大牛周末愉快!
w*n
7 楼
前两天想着系统好久没更新了,就运行了一下windows update,但有一个重要更新怎么
都装不上,.Net Framwork 4 Client Profile,错误代码为800B010B。网上搜了一圈,
都没找到解决办法,不知道版上有没有高人知道如何解决,万分感谢。我用的是Win7
Ultimate 64bit。
都装不上,.Net Framwork 4 Client Profile,错误代码为800B010B。网上搜了一圈,
都没找到解决办法,不知道版上有没有高人知道如何解决,万分感谢。我用的是Win7
Ultimate 64bit。
b*a
8 楼
前几周面试一个position,transportation方向的,挂掉了。
但是感觉他们是需要人,我周五投的简历,周一就电面了。经验也不需要太多,
2 yr + ,觉得fresh master都可以试试看。
http://jobs-stantec.icims.com/jobs/6744/job
但是感觉他们是需要人,我周五投的简历,周一就电面了。经验也不需要太多,
2 yr + ,觉得fresh master都可以试试看。
http://jobs-stantec.icims.com/jobs/6744/job
m*e
9 楼
年龄不小啦 找个24~28岁的男士合适就结婚啦,父母催的要死
女生27岁,未婚,身高167cm, 平时喜欢美食和由于本人运动
当前婚姻状态(从没结过婚/离异/丧偶): 从未过结过婚
我的要求很简去单,相貌不要太张扬,过得去就行。赚钱多少
都无所谓,饿不着就行,关键是你有上进心,我们可以一起拼搏。
一定要对我好,责任心要强要是个顾家的人,希望你是个不吸烟
不喝酒的人,我各方面条件都OK,我的详细情况以及我的生活照
我都已经放在我的空间里
http://wodekongjian.diige.cn/ZnqvS
如果你觉得我们合适可以在我空间的日志里留个联系方式,我看
。
到信息会马上跟你联系,白天上班比较忙 一般都是晚上回家才能
回复你
女生27岁,未婚,身高167cm, 平时喜欢美食和由于本人运动
当前婚姻状态(从没结过婚/离异/丧偶): 从未过结过婚
我的要求很简去单,相貌不要太张扬,过得去就行。赚钱多少
都无所谓,饿不着就行,关键是你有上进心,我们可以一起拼搏。
一定要对我好,责任心要强要是个顾家的人,希望你是个不吸烟
不喝酒的人,我各方面条件都OK,我的详细情况以及我的生活照
我都已经放在我的空间里
http://wodekongjian.diige.cn/ZnqvS
如果你觉得我们合适可以在我空间的日志里留个联系方式,我看
。
到信息会马上跟你联系,白天上班比较忙 一般都是晚上回家才能
回复你
f*g
10 楼
好消息!
NSC继续加油啊
NSC继续加油啊
S*t
11 楼
等包子和海参过来砍
好是好,似乎还未太用心。。。
好是好,似乎还未太用心。。。
s*g
13 楼
Your colleague is right, to solve the problem you mentioned just use IPsec transport mode (aka, IPsec/GRE) instead of tunnel mode (aka, direct encapsulation).
H*J
14 楼
画一条一端是箭头的直线,箭头类型是一条竖线,然后C&P。
或者直接从Origin之类的软件里把坐标贴过来。
或者直接从Origin之类的软件里把坐标贴过来。
n*e
15 楼
TSC 加油啊!!!
h*t
16 楼
好词啊。
不行。。。得等包子来庖丁解牛,俺顺风扔几个砖头
不行。。。得等包子来庖丁解牛,俺顺风扔几个砖头
m*t
18 楼
your colleague is right, the IPsec SPD policies are triggered by the IP
ranges. unless on the router you added, you will perform source NAT.
accesslist。
【在 x*********n 的大作中提到】![](/moin_static193/solenoid/img/up.png)
: R1和R2,建立site to site VPN,
: 图一design,每一次customer要加新的private iP range,就要create IP accesslist。
: 现在我设计成图2.加了一个router,然后每一次加新的subnet,加到新的router上,然
: 后tunnel呢,仍然在原来的地方,只是每一个subnet都points to IPA 或者B上。
: 同事说这样不行,因为packet的source IP还是DEF。。。
: 我也不太确定,我觉得router A至少learn到了新的IP吧。
ranges. unless on the router you added, you will perform source NAT.
accesslist。
【在 x*********n 的大作中提到】
![](/moin_static193/solenoid/img/up.png)
: R1和R2,建立site to site VPN,
: 图一design,每一次customer要加新的private iP range,就要create IP accesslist。
: 现在我设计成图2.加了一个router,然后每一次加新的subnet,加到新的router上,然
: 后tunnel呢,仍然在原来的地方,只是每一个subnet都points to IPA 或者B上。
: 同事说这样不行,因为packet的source IP还是DEF。。。
: 我也不太确定,我觉得router A至少learn到了新的IP吧。
h*i
20 楼
pretty good one
may need some further modification for a couple of words
may need some further modification for a couple of words
x*n
22 楼
我要消化一下楼上大侠的话,多谢指点。
z*y
23 楼
tnnd的,TSC不作为,消极批准,给关门算了
T*m
24 楼
哎呀,都是一手拿蛋糕,一手拿大棒的呀。:)
t*r
26 楼
赛王真是个好人...........哥搞IPSEC VPN是N年前的事儿了.
N>=6
N>=6
b*m
27 楼
5月10号的RD急等……
h*t
28 楼
.......................................
p*x
30 楼
even with ipsec/gre, why can't be done in tunnel mode?
transport mode (aka, IPsec/GRE) instead of tunnel mode (aka, direct
encapsulation).
【在 s*****g 的大作中提到】![](/moin_static193/solenoid/img/up.png)
: Your colleague is right, to solve the problem you mentioned just use IPsec transport mode (aka, IPsec/GRE) instead of tunnel mode (aka, direct encapsulation).
transport mode (aka, IPsec/GRE) instead of tunnel mode (aka, direct
encapsulation).
【在 s*****g 的大作中提到】
![](/moin_static193/solenoid/img/up.png)
: Your colleague is right, to solve the problem you mentioned just use IPsec transport mode (aka, IPsec/GRE) instead of tunnel mode (aka, direct encapsulation).
j*f
31 楼
5/9急等,bless
s*g
33 楼
You can, but what does that buy you? to have 20 bytes extra overhead?
p*x
35 楼
maybe more secure and NAT friendly?;)
interesting that you mentioned IPsec/GRE, I suppose you meant gre over ipsec
since you picked transport mode. with that setup, it is also extra overhead
to provide encryption to routing protocol...i would probably do ipsec over
gre tunnels, so the gre takes care any multicast or broadcast stuff while
the encrypted traffic rides inside the tunnel. it's easier on cpu and memory
too.
interesting that you mentioned IPsec/GRE, I suppose you meant gre over ipsec
since you picked transport mode. with that setup, it is also extra overhead
to provide encryption to routing protocol...i would probably do ipsec over
gre tunnels, so the gre takes care any multicast or broadcast stuff while
the encrypted traffic rides inside the tunnel. it's easier on cpu and memory
too.
s*g
37 楼
I meant to say GRE/IPsec (GRE packet is encapsulated inside IP/ESP packet) to be exact ... with GRE/IPsec in tunnel mode you need 20 bytes more than in transport mode.
Can you explain how IPsec/GRE (which means ESP is encapsulated inside GRE) is configured in a typical Cisco box? and in this case how can multicast/broadcast traffic can be encrypted by IPsec before encaped by GRE? or how do you define IPsec "interesting" traffic?
ipsec
overhead
over
memory
【在 p**x 的大作中提到】![](/moin_static193/solenoid/img/up.png)
: maybe more secure and NAT friendly?;)
: interesting that you mentioned IPsec/GRE, I suppose you meant gre over ipsec
: since you picked transport mode. with that setup, it is also extra overhead
: to provide encryption to routing protocol...i would probably do ipsec over
: gre tunnels, so the gre takes care any multicast or broadcast stuff while
: the encrypted traffic rides inside the tunnel. it's easier on cpu and memory
: too.
Can you explain how IPsec/GRE (which means ESP is encapsulated inside GRE) is configured in a typical Cisco box? and in this case how can multicast/broadcast traffic can be encrypted by IPsec before encaped by GRE? or how do you define IPsec "interesting" traffic?
ipsec
overhead
over
memory
【在 p**x 的大作中提到】
![](/moin_static193/solenoid/img/up.png)
: maybe more secure and NAT friendly?;)
: interesting that you mentioned IPsec/GRE, I suppose you meant gre over ipsec
: since you picked transport mode. with that setup, it is also extra overhead
: to provide encryption to routing protocol...i would probably do ipsec over
: gre tunnels, so the gre takes care any multicast or broadcast stuff while
: the encrypted traffic rides inside the tunnel. it's easier on cpu and memory
: too.
p*x
39 楼
It's actually pretty much the same, only that you don't encrypt the entire
GRE tunnel in crypto acl, GRE only used as a carrier for IPsec traffic.
Configure ipsec security protocol, define esp or ah or both. Define
interesting traffic in crypto acl. Create gre tunnel, allow routing protocol
or static pass through between ipsec peers.
however, mcast/bcast along with routing protocols are only wrapped by gre,
and interesting(protected) traffic are wrapped by esp and gre.
GRE tunnel in crypto acl, GRE only used as a carrier for IPsec traffic.
Configure ipsec security protocol, define esp or ah or both. Define
interesting traffic in crypto acl. Create gre tunnel, allow routing protocol
or static pass through between ipsec peers.
however, mcast/bcast along with routing protocols are only wrapped by gre,
and interesting(protected) traffic are wrapped by esp and gre.
s*g
41 楼
Hmm, never tried this configuration before, so let's try to think in router's mind:
In GRE/IPsec case, when a packet comes in, router does ip lookup, next hop is GRE tunnel, so router encap's original packet with IP-GRE header, which subsequently triggers IPsec before the packet is placed on wire, the sequence makes perfect sense to me.
Now with IPsec/GRE case, when a packet comes in, it does route lookup, next hop has to be a tunnel interface in order to solve LZ's original problem, but then router will trigger IPsec first? how does your cryto ACL look like?
protocol
【在 p**x 的大作中提到】![](/moin_static193/solenoid/img/up.png)
: It's actually pretty much the same, only that you don't encrypt the entire
: GRE tunnel in crypto acl, GRE only used as a carrier for IPsec traffic.
: Configure ipsec security protocol, define esp or ah or both. Define
: interesting traffic in crypto acl. Create gre tunnel, allow routing protocol
: or static pass through between ipsec peers.
: however, mcast/bcast along with routing protocols are only wrapped by gre,
: and interesting(protected) traffic are wrapped by esp and gre.
In GRE/IPsec case, when a packet comes in, router does ip lookup, next hop is GRE tunnel, so router encap's original packet with IP-GRE header, which subsequently triggers IPsec before the packet is placed on wire, the sequence makes perfect sense to me.
Now with IPsec/GRE case, when a packet comes in, it does route lookup, next hop has to be a tunnel interface in order to solve LZ's original problem, but then router will trigger IPsec first? how does your cryto ACL look like?
protocol
【在 p**x 的大作中提到】
![](/moin_static193/solenoid/img/up.png)
: It's actually pretty much the same, only that you don't encrypt the entire
: GRE tunnel in crypto acl, GRE only used as a carrier for IPsec traffic.
: Configure ipsec security protocol, define esp or ah or both. Define
: interesting traffic in crypto acl. Create gre tunnel, allow routing protocol
: or static pass through between ipsec peers.
: however, mcast/bcast along with routing protocols are only wrapped by gre,
: and interesting(protected) traffic are wrapped by esp and gre.
h*t
42 楼
Trim 妹妹真才情,佩服佩服。
a*n
43 楼
crypto map is old fashion, new way in Cisco is Virtual Tunnel Interface.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide
So basically, there are IPSec VPN, SSL VPN, Easy VPN, DMVPN, GET VPN, and
MPLS VPN(L2 or L3) in terms of VPN world.
Almost all of these VPNs could be integrated with VRF to further separate
traffic.
Now days, most firewall features are VRF aware too.
router's mind:
is GRE tunnel, so router encap's original packet with IP-GRE header, which
subsequently triggers IPsec before the packet is placed on wire, the
sequence makes perfect sense to me.
next hop has to be a tunnel interface in order to solve LZ's original
problem, but then router will trigger IPsec first? how does your cryto ACL
look like?
【在 s*****g 的大作中提到】![](/moin_static193/solenoid/img/up.png)
: Hmm, never tried this configuration before, so let's try to think in router's mind:
: In GRE/IPsec case, when a packet comes in, router does ip lookup, next hop is GRE tunnel, so router encap's original packet with IP-GRE header, which subsequently triggers IPsec before the packet is placed on wire, the sequence makes perfect sense to me.
: Now with IPsec/GRE case, when a packet comes in, it does route lookup, next hop has to be a tunnel interface in order to solve LZ's original problem, but then router will trigger IPsec first? how does your cryto ACL look like?
:
: protocol
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide
So basically, there are IPSec VPN, SSL VPN, Easy VPN, DMVPN, GET VPN, and
MPLS VPN(L2 or L3) in terms of VPN world.
Almost all of these VPNs could be integrated with VRF to further separate
traffic.
Now days, most firewall features are VRF aware too.
router's mind:
is GRE tunnel, so router encap's original packet with IP-GRE header, which
subsequently triggers IPsec before the packet is placed on wire, the
sequence makes perfect sense to me.
next hop has to be a tunnel interface in order to solve LZ's original
problem, but then router will trigger IPsec first? how does your cryto ACL
look like?
【在 s*****g 的大作中提到】
![](/moin_static193/solenoid/img/up.png)
: Hmm, never tried this configuration before, so let's try to think in router's mind:
: In GRE/IPsec case, when a packet comes in, router does ip lookup, next hop is GRE tunnel, so router encap's original packet with IP-GRE header, which subsequently triggers IPsec before the packet is placed on wire, the sequence makes perfect sense to me.
: Now with IPsec/GRE case, when a packet comes in, it does route lookup, next hop has to be a tunnel interface in order to solve LZ's original problem, but then router will trigger IPsec first? how does your cryto ACL look like?
:
: protocol
j*y
44 楼
双子好
s*g
45 楼
VTI just makes configuration easier for the users, but the underline
technology/principle does not change.
which
【在 a***n 的大作中提到】![](/moin_static193/solenoid/img/up.png)
: crypto map is old fashion, new way in Cisco is Virtual Tunnel Interface.
: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide
: So basically, there are IPSec VPN, SSL VPN, Easy VPN, DMVPN, GET VPN, and
: MPLS VPN(L2 or L3) in terms of VPN world.
: Almost all of these VPNs could be integrated with VRF to further separate
: traffic.
: Now days, most firewall features are VRF aware too.
:
: router's mind:
: is GRE tunnel, so router encap's original packet with IP-GRE header, which
technology/principle does not change.
which
【在 a***n 的大作中提到】
![](/moin_static193/solenoid/img/up.png)
: crypto map is old fashion, new way in Cisco is Virtual Tunnel Interface.
: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide
: So basically, there are IPSec VPN, SSL VPN, Easy VPN, DMVPN, GET VPN, and
: MPLS VPN(L2 or L3) in terms of VPN world.
: Almost all of these VPNs could be integrated with VRF to further separate
: traffic.
: Now days, most firewall features are VRF aware too.
:
: router's mind:
: is GRE tunnel, so router encap's original packet with IP-GRE header, which
相关阅读
[转载] [通知]FEA已经成为公共版问个英文翻译who has experience of OMP?怎么检测小于1毫秒的时间段?什么时候盖了?哪位有multiple righthand sides conjugate gradient大家能不能seriously讨论一下这个topic有lsf queue大牛么一特征值问题请问谁用过NURBS++这个函数库?怎么求这个转角?请教一个Gaussian quadrature的问题which option of gcc enables multi-cpu support?paralllel eigensolver关于VF/VC中cannot save file...in use..的问题稀疏矩阵压缩有人在 Windows 2K + cygwin 下配置 GSL 成功吗?急问,网络图论问题!!!大家来谈谈科学计算的工作前景如何[转载] 扔硬币的问题