blob: 658ca0381015d02bdc04b56d7e360c6b2100b2e2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
C set [peer-1.1.1.1]:Phase=1 force
C set [peer-1.1.1.1]:Address=1.1.1.1 force
C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024 force
C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:AUTHENTICATION_METHOD=RSA_SIG force
C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:HASH_ALGORITHM=SHA force
C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:ENCRYPTION_ALGORITHM=AES_CBC force
C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:KEY_LENGTH=128,128:256 force
C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:GROUP_DESCRIPTION=MODP_1024 force
C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_1024]:Life=LIFE_MAIN_MODE force
C set [peer-1.1.1.1]:Remote-ID=id-1.1.1.1 force
C set [id-1.1.1.1]:ID-type=IPV4_ADDR force
C set [id-1.1.1.1]:Address=1.1.1.1 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Phase=2 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:ISAKMP-peer=peer-1.1.1.1 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Configuration=phase2-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Local-ID=from-10.1.1.0/24 force
C set [from-10.1.1.0/24-to-10.1.2.0/24]:Remote-ID=to-10.1.2.0/24 force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:EXCHANGE_TYPE=QUICK_MODE force
C set [phase2-from-10.1.1.0/24-to-10.1.2.0/24]:Suites=phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-suite-from-10.1.1.0/24-to-10.1.2.0/24]:Protocols=phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24 force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:PROTOCOL_ID=IPSEC_ESP force
C set [phase2-protocol-from-10.1.1.0/24-to-10.1.2.0/24]:Transforms=phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL force
C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:TRANSFORM_ID=AES force
C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:KEY_LENGTH=128,128:256 force
C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:GROUP_DESCRIPTION=MODP_1024 force
C set [phase2-transform-from-10.1.1.0/24-to-10.1.2.0/24-AES128-SHA2_256-MODP_1024-TUNNEL]:Life=LIFE_QUICK_MODE force
C set [from-10.1.1.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [from-10.1.1.0/24]:Network=10.1.1.0 force
C set [from-10.1.1.0/24]:Netmask=255.255.255.0 force
C set [to-10.1.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
C set [to-10.1.2.0/24]:Network=10.1.2.0 force
C set [to-10.1.2.0/24]:Netmask=255.255.255.0 force
C add [Phase 2]:Connections=from-10.1.1.0/24-to-10.1.2.0/24
|