Cisco 2811
!
crypto isakmp policy 3
 encr aes 256
 authentication pre-share
 group 2
 lifetime 28800
!
crypto isakmp key SeCrEtKeY address 99.251.150.181
!
crypto ipsec transform-set PEER1 esp-aes 256 esp-md5-hmac
!
crypto map OUT 11 ipsec-isakmp
 set peer 99.251.150.181
 set security-association lifetime seconds 28800
 set transform-set PEER1
 set pfs group2
 match address 112
!
access-list 112 permit ip host 192.168.45.254 192.168.66.0 0.0.0.255

Cisco2811#sh crypto isakmp policy
Global IKE policy
Protection suite of priority 3
        encryption algorithm: AES - Advanced Encryption Standard (256 bit keys).
        hash algorithm: Secure Hash Standard
        authentication method: Pre-Shared Key
        Diffie-Hellman group: #2 (1024 bit)
        lifetime: 28800 seconds, no volume limit

Mikrotik RB450G v6.27
/ip address
add address=192.168.66.1/24 interface=ether2-master-local network=\
192.168.66.0
add address=99.251.150.181/24 interface=ether1 network=\
99.251.150.0
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=aes-256-cbc lifetime=8h
/ip ipsec peer
add address=212.66.129.54/32 enc-algorithm=des exchange-mode=aggressive \
hash-algorithm=md5 lifetime=8h nat-traversal=no secret=SeCrEtKeY
/ip ipsec policy
set 0 disabled=yes
add dst-address=192.168.45.0/24 sa-dst-address=212.66.129.54 sa-src-address=\
99.251.150.181 src-address=192.168.66.0/24 tunnel=yes
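
Added example, not part of the original post: a Python check that parses excerpts of the two configurations above and returns the IKE, ESP and traffic-selector parameters on which the peers disagree, plus deprecated settings in use. The function names and dictionary keys are this example's own, and the Cisco hash default is taken from the "sh crypto isakmp policy" output above.

```python
import ipaddress
import re

# Excerpts of the configs on this page (continuation lines joined, key omitted).
CISCO = """\
crypto isakmp policy 3
encr aes 256
crypto ipsec transform-set PEER1 esp-aes 256 esp-md5-hmac
access-list 112 permit ip host 192.168.45.254 192.168.66.0 0.0.0.255
"""
MIKROTIK = """\
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5 enc-algorithms=aes-256-cbc lifetime=8h
/ip ipsec peer
add address=212.66.129.54/32 enc-algorithm=des exchange-mode=aggressive hash-algorithm=md5
/ip ipsec policy
add dst-address=192.168.45.0/24 src-address=192.168.66.0/24 tunnel=yes
"""
WEAK = {"des", "md5", "aggressive"}  # deprecated algorithms and exchange mode

def find(pattern, text, default=None):
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else default

def cisco_params(cfg):
    acl = re.search(r"^access-list \d+ permit ip host (\S+) (\S+) (\S+)", cfg, re.M)
    return {
        "ike_enc": find(r"^encr (.+)$", cfg).replace(" ", "-"),
        "ike_hash": find(r"^hash (md5|sha\d*)", cfg, "sha"),  # no hash line: IOS uses SHA
        "esp_enc": find(r"transform-set \S+ esp-(aes \d+)", cfg).replace(" ", "-"),
        "esp_auth": find(r"esp-(\w+)-hmac", cfg),
        "cisco_side_net": ipaddress.ip_network(acl.group(1) + "/32"),
        "mikrotik_side_net": ipaddress.ip_network(f"{acl.group(2)}/{acl.group(3)}"),  # wildcard mask
    }

def mikrotik_params(cfg):
    kv = dict(re.findall(r"([\w-]+)=(\S+)", cfg))
    return {
        "ike_enc": kv["enc-algorithm"], "ike_hash": kv["hash-algorithm"],
        "esp_enc": kv["enc-algorithms"].replace("-cbc", ""),
        "esp_auth": kv["auth-algorithms"], "mode": kv["exchange-mode"],
        "cisco_side_net": ipaddress.ip_network(kv["dst-address"]),
        "mikrotik_side_net": ipaddress.ip_network(kv["src-address"]),
    }

def audit(cisco_cfg, mikrotik_cfg):
    """Return (parameters that differ between the peers, weak settings in use)."""
    c, m = cisco_params(cisco_cfg), mikrotik_params(mikrotik_cfg)
    weak = sorted({str(v) for side in (c, m) for v in side.values()} & WEAK)
    return [k for k in c if c[k] != m[k]], weak
```

Calling audit(CISCO, MIKROTIK) reports the phase 1 encryption and hash and the Cisco-side selector as differing between the two peers.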