RTシリーズのIPsec&IKE&VPN&...に関するFAQ
トンネルを使用した場合の経路はどうなりますか?
最終変更日 | 2018/Nov/06 |
文書サイズ | 31KB |
通信が可能かどうかを判断するときには 「pingが通るか通らないか?」という確認の方法がありますが、 パケットが流れる経路を片道づつ検討してみましょう。 往路の経路と復路の経路が確保されていれば、通信可能と判断できます。
ルーティングの設定によっては、往路の経路と復路の経路が異なることがあります。 セキュリティ上重要な情報が流れる可能性がある場合、 経路のチェックも慎重に行なうことが必要です。
[目次]
<インターネット> 〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜〜 | | | | プロバイダ#A プロバイダ#B # # # 専用線 VPN # 専用線 # ??????????????????????????? # # ? ? # +-------------------+ +-------------------+ | [BRI] [tunnel] | | [tunnel] [BRI] | | | | | | RT(A) | | RT(B) | | | | | | [LAN] | | [LAN] | +---------+---------+ +---------+---------+ | 172.16.184.33(1) | 172.16.186.33(1) | 192.168.0.1(2) | 192.168.1.1(2) | 172.16.184.32/28(g) | 172.16.186.32/28(g) | 192.168.0.0/24(p) | 192.168.1.0/24(p) ----------+----------------------- ----------+-----------------------
● | 同じLAN/問題無い |
◎ | インターネット経由で通信 |
○ | NATやIPマスカレード |
★ | トンネル/VPN経由で通信 |
× | 通信できない |
? | 不明/場合によりけり |
● | 同じLAN/問題無い |
◎ | インターネット経由で通信 |
○ | NATやIPマスカレード |
★ | VPN経由で通信 |
▲ | 往路(★)と復路(◎)で異なる経路…通信○ |
▼ | 往路(◎)と復路(★)で異なる経路…通信○ |
△ | 往路(★)と復路(○)で異なる経路…通信× |
▽ | 往路(○)と復路(★)で異なる経路…通信× |
× | 通信できない |
? | 不明/場合によりけり |
ホスト | ネット | ホスト | ネット | ||||||||||||||
パケットの流れ [大文字]→[小文字] |
[x] | [a] | [b] | [c] | [d] | [e] | [f] | [g] | [h] | [i] | [j] | ||||||
Internet | [X] | ◎ | ◎ | ? | ◎ | ? | ◎ | ◎ | ? | ◎ | ? | ||||||
SGW(172.16.184.33) | [A] | ◎ | ● | ● | ● | ● | ◎ | ◎ | ? | ◎ | ? | ||||||
ホスト(172.16.184.34) | [B] | ◎ | ● | ● | ● | ● | ◎ | ◎ | ? | ◎ | ? | ||||||
ホスト(192.168.0.2) | [C] | ○ | ● | ● | ● | ● | ○ | ○ | × | ○ | × | ||||||
172.16.184.32/28 | [D] | ◎ | ● | ● | ● | ● | ● | ◎ | ◎ | ? | ◎ | ? | |||||
192.168.0.0/24 | [E] | ○ | ● | ● | ● | ● | ● | ○ | ○ | × | ○ | × | |||||
SGW(172.16.186.33) | [F] | ◎ | ◎ | ◎ | ? | ◎ | ? | ● | ● | ● | ● | ||||||
ホスト(172.16.186.34) | [G] | ◎ | ◎ | ◎ | ? | ◎ | ? | ● | ● | ● | ● | ||||||
ホスト(192.168.1.2) | [H] | ○ | ○ | ○ | × | ○ | × | ● | ● | ● | ● | ||||||
172.16.186.32/28 | [I] | ◎ | ◎ | ◎ | ? | ◎ | ? | ● | ● | ● | ● | ● | |||||
192.168.1.0/24 | [J] | ○ | ○ | ○ | × | ○ | × | ● | ● | ● | ● | ● |
ホスト | ネット | ホスト | ネット | ||||||||||||||
パケットの流れ [大文字]→[小文字] |
[x] | [a] | [b] | [c] | [d] | [e] | [f] | [g] | [h] | [i] | [j] | ||||||
Internet | [X] | ◎ | ◎ | ? | ◎ | ? | ◎ | ◎ | ? | ◎ | ? | ||||||
SGW(172.16.184.33) | [A] | ◎ | ● | ● | ● | ● | ◎ | ◎ | ★ | ◎ | ? | ||||||
ホスト(172.16.184.34) | [B] | ◎ | ● | ● | ● | ● | ◎ | ◎ | ★ | ◎ | ? | ||||||
ホスト(192.168.0.2) | [C] | ○ | ● | ● | ● | ● | ○ | ○ | ★ | ○ | × | ||||||
172.16.184.32/28 | [D] | ◎ | ● | ● | ● | ● | ● | ◎ | ◎ | ★ | ◎ | ? | |||||
192.168.0.0/24 | [E] | ○ | ● | ● | ● | ● | ● | ○ | ○ | ★ | ○ | × | |||||
SGW(172.16.186.33) | [F] | ◎ | ◎ | ◎ | ★ | ◎ | ? | ● | ● | ● | ● | ||||||
ホスト(172.16.186.34) | [G] | ◎ | ◎ | ◎ | ★ | ◎ | ? | ● | ● | ● | ● | ||||||
ホスト(192.168.1.2) | [H] | ○ | ○ | ○ | ★ | ○ | × | ● | ● | ● | ● | ||||||
172.16.186.32/28 | [I] | ◎ | ◎ | ◎ | ★ | ◎ | ? | ● | ● | ● | ● | ● | |||||
192.168.1.0/24 | [J] | ○ | ○ | ○ | ★ | ○ | × | ● | ● | ● | ● | ● |
ホスト | ネット | ホスト | ネット | ||||||||||||||
パケットの流れ [大文字]→[小文字] |
[x] | [a] | [b] | [c] | [d] | [e] | [f] | [g] | [h] | [i] | [j] | ||||||
Internet | [X] | ◎ | ◎ | ? | ◎ | ? | ◎ | ◎ | ? | ◎ | ? | ||||||
SGW(172.16.184.33) | [A] | ◎ | ● | ● | ● | ● | ◎ | ★ | ? | ◎ | ? | ||||||
ホスト(172.16.184.34) | [B] | ◎ | ● | ● | ● | ● | ◎ | ★ | ? | ◎ | ? | ||||||
ホスト(192.168.0.2) | [C] | ○ | ● | ● | ● | ● | ○ | ★ | × | ○ | × | ||||||
172.16.184.32/28 | [D] | ◎ | ● | ● | ● | ● | ● | ◎ | ★ | ? | ◎ | ? | |||||
192.168.0.0/24 | [E] | ○ | ● | ● | ● | ● | ● | ○ | ★ | × | ○ | × | |||||
SGW(172.16.186.33) | [F] | ◎ | ◎ | ★ | ? | ◎ | ? | ● | ● | ● | ● | ||||||
ホスト(172.16.186.34) | [G] | ◎ | ◎ | ★ | ? | ◎ | ? | ● | ● | ● | ● | ||||||
ホスト(192.168.1.2) | [H] | ○ | ○ | ★ | × | ○ | × | ● | ● | ● | ● | ||||||
172.16.186.32/28 | [I] | ◎ | ◎ | ★ | ? | ◎ | ? | ● | ● | ● | ● | ● | |||||
192.168.1.0/24 | [J] | ○ | ○ | ★ | × | ○ | × | ● | ● | ● | ● | ● |
ホスト | ネット | ホスト | ネット | ||||||||||||||
パケットの流れ [大文字]→[小文字] |
[x] | [a] | [b] | [c] | [d] | [e] | [f] | [g] | [h] | [i] | [j] | ||||||
Internet | [X] | ◎ | ◎ | ? | ◎ | ? | ◎ | ◎ | ? | ◎ | ? | ||||||
SGW(172.16.184.33) | [A] | ◎ | ● | ● | ● | ● | ◎ | ★ | ? | ★ | ? | ||||||
ホスト(172.16.184.34) | [B] | ◎ | ● | ● | ● | ● | ◎ | ★ | ? | ★ | ? | ||||||
ホスト(192.168.0.2) | [C] | ○ | ● | ● | ● | ● | ○ | ★ | × | ★ | × | ||||||
172.16.184.32/28 | [D] | ◎ | ● | ● | ● | ● | ● | ◎ | ★ | ? | ★ | ? | |||||
192.168.0.0/24 | [E] | ○ | ● | ● | ● | ● | ● | ○ | ★ | × | ★ | × | |||||
SGW(172.16.186.33) | [F] | ◎ | ◎ | ★ | ? | ★ | ? | ● | ● | ● | ● | ||||||
ホスト(172.16.186.34) | [G] | ◎ | ◎ | ★ | ? | ★ | ? | ● | ● | ● | ● | ||||||
ホスト(192.168.1.2) | [H] | ○ | ○ | ★ | × | ★ | × | ● | ● | ● | ● | ||||||
172.16.186.32/28 | [I] | ◎ | ◎ | ★ | ? | ★ | ? | ● | ● | ● | ● | ● | |||||
192.168.1.0/24 | [J] | ○ | ○ | ★ | × | ★ | × | ● | ● | ● | ● | ● |
[大文字]→[小文字] | [x] | [a] | [b] | [c] | [d] | [e] | [f] | ||||
Internet | [X] | − | ◎ | ◎ | ? | ◎ | ◎ | ? | |||
SGW:RT(A) | [A] | ◎ | − | ● | ● | ◎ | ▲ | × | |||
172.16.184.32/28 | [B] | ◎ | ● | ● | ● | ▼ | ★ | × | |||
192.168.0.0/24 | [C] | ○ | ● | ● | ● | × | × | × | |||
SGW:RT(B) | [D] | ◎ | ◎ | ▲ | × | − | ● | ● | |||
172.16.186.32/28 | [E] | ◎ | ▼ | ★ | × | ● | ● | ● | |||
192.168.1.0/24 | [F] | ○ | × | × | × | ● | ● | ● |
ホスト | ネット | ホスト | ネット | ||||||||||||||
パケットの流れ [大文字]→[小文字] |
[x] | [a] | [b] | [c] | [d] | [e] | [f] | [g] | [h] | [i] | [j] | ||||||
Internet | [X] | ◎ | ◎ | ? | ◎ | ? | ◎ | ◎ | ? | ◎ | ? | ||||||
SGW(172.16.184.33) | [A] | ◎ | ● | ● | ● | ● | ◎ | ◎ | ★ | ◎ | ★ | ||||||
ホスト(172.16.184.34) | [B] | ◎ | ● | ● | ● | ● | ◎ | ◎ | ★ | ◎ | ★ | ||||||
ホスト(192.168.0.2) | [C] | ○ | ● | ● | ● | ● | ○ | ○ | ★ | ○ | ★ | ||||||
172.16.184.32/28 | [D] | ◎ | ● | ● | ● | ● | ● | ◎ | ◎ | ★ | ◎ | ★ | |||||
192.168.0.0/24 | [E] | ○ | ● | ● | ● | ● | ● | ○ | ○ | ★ | ○ | ★ | |||||
SGW(172.16.186.33) | [F] | ◎ | ◎ | ◎ | ★ | ◎ | ★ | ● | ● | ● | ● | ||||||
ホスト(172.16.186.34) | [G] | ◎ | ◎ | ◎ | ★ | ◎ | ★ | ● | ● | ● | ● | ||||||
ホスト(192.168.1.2) | [H] | ○ | ○ | ○ | ★ | ○ | ★ | ● | ● | ● | ● | ||||||
172.16.186.32/28 | [I] | ◎ | ◎ | ◎ | ★ | ◎ | ★ | ● | ● | ● | ● | ● | |||||
192.168.1.0/24 | [J] | ○ | ○ | ○ | ★ | ○ | ★ | ● | ● | ● | ● | ● |
[大文字]→[小文字] | [x] | [a] | [b] | [c] | [d] | [e] | [f] | ||||
Internet | [X] | − | ◎ | ◎ | ? | ◎ | ◎ | ? | |||
SGW:RT(A) | [A] | ◎ | − | ● | ● | ◎ | ◎ | △ | |||
172.16.184.32/28 | [B] | ◎ | ● | ● | ● | ◎ | ◎ | △ | |||
192.168.0.0/24 | [C] | ○ | ● | ● | ● | ▽ | ▽ | ★ | |||
SGW:RT(B) | [D] | ◎ | ◎ | ◎ | △ | − | ● | ● | |||
172.16.186.32/28 | [E] | ◎ | ◎ | ◎ | △ | ● | ● | ● | |||
192.168.1.0/24 | [F] | ○ | ▽ | ▽ | ★ | ● | ● | ● |
ホスト | ネット | ホスト | ネット | ||||||||||||||
パケットの流れ [大文字]→[小文字] |
[x] | [a] | [b] | [c] | [d] | [e] | [f] | [g] | [h] | [i] | [j] | ||||||
Internet | [X] | ◎ | ◎ | ? | ◎ | ? | ◎ | ◎ | ? | ◎ | ? | ||||||
SGW(172.16.184.33) | [A] | ◎ | ● | ● | ● | ● | ◎ | ★ | ★ | ★ | ★ | ||||||
ホスト(172.16.184.34) | [B] | ◎ | ● | ● | ● | ● | ◎ | ★ | ★ | ★ | ★ | ||||||
ホスト(192.168.0.2) | [C] | ○ | ● | ● | ● | ● | ○ | ★ | ★ | ★ | ★ | ||||||
172.16.184.32/28 | [D] | ◎ | ● | ● | ● | ● | ● | ◎ | ★ | ★ | ★ | ★ | |||||
192.168.0.0/24 | [E] | ○ | ● | ● | ● | ● | ● | ○ | ★ | ★ | ★ | ★ | |||||
SGW(172.16.186.33) | [F] | ◎ | ◎ | ★ | ★ | ★ | ★ | ● | ● | ● | ● | ||||||
ホスト(172.16.186.34) | [G] | ◎ | ◎ | ★ | ★ | ★ | ★ | ● | ● | ● | ● | ||||||
ホスト(192.168.1.2) | [H] | ○ | ○ | ★ | ★ | ★ | ★ | ● | ● | ● | ● | ||||||
172.16.186.32/28 | [I] | ◎ | ◎ | ★ | ★ | ★ | ★ | ● | ● | ● | ● | ● | |||||
192.168.1.0/24 | [J] | ○ | ○ | ★ | ★ | ★ | ★ | ● | ● | ● | ● | ● |
[大文字]→[小文字] | [x] | [a] | [b] | [c] | [d] | [e] | [f] | ||||
Internet | [X] | − | ◎ | ◎ | ? | ◎ | ◎ | ? | |||
SGW:RT(A) | [A] | ◎ | − | ● | ● | ◎ | ▼ | ▽ | |||
172.16.184.32/28 | [B] | ◎ | ● | ● | ● | ▲ | ★ | ★ | |||
192.168.0.0/24 | [C] | ○ | ● | ● | ● | △ | ★ | ★ | |||
SGW:RT(B) | [D] | ◎ | ◎ | ▼ | ▽ | − | ● | ● | |||
172.16.186.32/28 | [E] | ◎ | ▲ | ★ | ★ | ● | ● | ● | |||
192.168.1.0/24 | [F] | ○ | △ | ★ | ★ | ● | ● | ● |