blob: 4a2dd3140ba1801694c8f78c5004dfdcedeb8992 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
C set [Phase 1]:192.168.3.1=peer-192.168.3.1-local-192.168.3.2 force
C set [peer-192.168.3.1-local-192.168.3.2]:Phase=1 force
C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072 force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
C set [to-0.0.0.0/0]:Network=0.0.0.0 force
C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
C set [Phase 1]:192.168.3.1=peer-192.168.3.1-local-192.168.3.2 force
C set [peer-192.168.3.1-local-192.168.3.2]:Phase=1 force
C set [peer-192.168.3.1-local-192.168.3.2]:Address=192.168.3.1 force
C set [peer-192.168.3.1-local-192.168.3.2]:Local-address=192.168.3.2 force
C set [peer-192.168.3.1-local-192.168.3.2]:Configuration=phase1-peer-192.168.3.1-local-192.168.3.2 force
C set [phase1-peer-192.168.3.1-local-192.168.3.2]:EXCHANGE_TYPE=ID_PROT force
C add [phase1-peer-192.168.3.1-local-192.168.3.2]:Transforms=phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072 force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase1-transform-peer-192.168.3.1-local-192.168.3.2-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
C set [from-1.1.1.1-to-0.0.0.0/0]:Phase=2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:ISAKMP-peer=peer-192.168.3.1-local-192.168.3.2 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Configuration=phase2-from-1.1.1.1-to-0.0.0.0/0 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Local-ID=from-1.1.1.1 force
C set [from-1.1.1.1-to-0.0.0.0/0]:Remote-ID=to-0.0.0.0/0 force
C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-1.1.1.1-to-0.0.0.0/0]:Suites=phase2-suite-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-suite-from-1.1.1.1-to-0.0.0.0/0]:Protocols=phase2-protocol-from-1.1.1.1-to-0.0.0.0/0 force
C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:PROTOCOL_ID=IPSEC_ESP force
C set [phase2-protocol-from-1.1.1.1-to-0.0.0.0/0]:Transforms=phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
C set [phase2-transform-from-1.1.1.1-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-1.1.1.1]:ID-type=IPV4_ADDR force
C set [from-1.1.1.1]:Address=1.1.1.1 force
C set [to-0.0.0.0/0]:ID-type=IPV4_ADDR_SUBNET force
C set [to-0.0.0.0/0]:Network=0.0.0.0 force
C set [to-0.0.0.0/0]:Netmask=0.0.0.0 force
C add [Phase 2]:Connections=from-1.1.1.1-to-0.0.0.0/0
|