! Cisco IOS end of a GRE tunnel (Tunnel7) protected by IPsec in transport mode.
! IKEv1 with a pre-shared key towards 116.203.229.50.
! NOTE(review): keyring CISICO is declared but no key is placed in it in this listing;
! the peer key further down is defined globally with "crypto isakmp key" instead.
crypto keyring CISICO
! IKE phase 1 proposal: AES-256, SHA-1 ("hash sha"), pre-shared key, Diffie-Hellman group 1.
crypto isakmp policy 30
encr aes 256
hash sha
authentication pre-share
! NOTE(review): group 1 is 768-bit MODP and is the weakest part of this proposal; the
! AES-256 keys are only as strong as this exchange. Prefer group 14 or higher, changed
! together with dh_group/pfs_group in racoon.conf so both ends still agree.
group 1
! Type 6 (encrypted) pre-shared key for the peer; it must match the entry in the peer's psk.txt.
! NOTE(review): treat the ciphertext as secret material as well; keep it out of shared
! listings and rotate the key if this value was ever in use.
crypto isakmp key 6 S[h]AH][Hcb\`aYPgB]HbY\^_ViYUOAAB address 116.203.229.50
! IKE keepalive (dead peer detection) with a 10 second interval.
crypto isakmp keepalive 10
! Phase 2 transform: ESP with AES-256 and HMAC-SHA1. Transport mode, since GRE already
! supplies the outer encapsulation.
crypto ipsec transform-set TS-02 esp-aes 256 esp-sha-hmac
mode transport
! IPsec profile attached to the tunnel interface below.
! NOTE(review): the SA lifetime here is 86400 s while racoon.conf's sainfo uses 1 hour, and
! there is no "set pfs" here while racoon.conf sets pfs_group 1. Confirm that phase 2
! negotiates in both directions and which lifetime is actually applied.
crypto ipsec profile IPPRO-01
set security-association lifetime seconds 86400
set transform-set TS-02
! Tunnel interface: /30 point-to-point addressing, sourced from Dialer0.
interface Tunnel7
description CISICO--V7
ip address 10.8.5.2 255.255.255.252
! Clamp TCP MSS to 1420, presumably to leave room for GRE and ESP overhead on the path.
ip tcp adjust-mss 1420
tunnel source Dialer0
tunnel destination 116.203.229.50
! Every packet leaving this tunnel is protected with the IPsec profile above.
tunnel protection ipsec profile IPPRO-01
- racoon.conf
# racoon (IKEv1 daemon) configuration for the non-Cisco end of the tunnel.
# File that holds the pre-shared keys.
# NOTE(review): psk.txt should be readable by root only (mode 0600); verify on the host.
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
# NOTE(review): debug logging is very verbose and may record negotiation details;
# lower the level once the tunnel is working.
log debug;
# Padding parameters for IKE messages.
padding {
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
}
# Phase 1 settings applied to any peer that has no specific "remote" section.
# NOTE(review): "anonymous" together with pre-shared-key authentication lets any address
# start a negotiation. If the Cisco end has a fixed address, a "remote <address>" section is
# tighter; the Cisco side sources from Dialer0, so its address may be dynamic (confirm).
remote anonymous {
# NOTE(review): aggressive mode is listed first. With pre-shared keys, aggressive mode
# exposes key-derived authentication data before the peer is authenticated, so the result
# depends heavily on the strength of the key. Prefer "exchange_mode main;" alone if both
# ends support it.
exchange_mode aggressive, main;
# Phase 1 lifetime. The Cisco policy shown on this page sets no lifetime of its own.
lifetime time 1 hour;
# Must match "crypto isakmp policy 30" on the Cisco side: AES-256, SHA-1, PSK, DH group 1.
proposal {
encryption_algorithm aes 256;
hash_algorithm sha1;
authentication_method pre_shared_key;
# NOTE(review): DH group 1 (768-bit MODP) is deprecated; raise it to 14 or higher on
# both ends at the same time.
dh_group 1;
}
}
# Phase 2 (IPsec SA) settings for any traffic selector.
sainfo anonymous {
# NOTE(review): PFS also uses group 1, and the Cisco ipsec profile shown on this page has
# no "set pfs". Confirm that phase 2 still completes when the Cisco end initiates.
pfs_group 1;
lifetime time 1 hour;
# Matches transform-set TS-02 on the Cisco side: ESP AES-256 with HMAC-SHA1.
encryption_algorithm aes 256;
authentication_algorithm hmac_sha1;
compression_algorithm deflate;
}
- ipsec.conf
# setkey policy file: clear the existing SAs and policies, then require ESP in transport
# mode for GRE between the two tunnel endpoints.
# The "-P out" policy has 116.203.229.50 as its source, so this host is presumably
# 116.203.229.50 and 78.36.201.239 is the Cisco end (confirm).
# Remove all entries from the SA database.
flush;
# Remove all entries from the security policy database.
spdflush;
# Only GRE between these two /32 addresses is matched by the policies below.
# NOTE(review): other protocols between the two hosts are not covered here; check that
# nothing sensitive is expected to travel outside the GRE tunnel.
# "require" makes the kernel insist on a matching SA for packets that hit the policy.
spdadd 116.203.229.50/32 78.36.201.239/32 gre -P out ipsec esp/transport//require;
spdadd 78.36.201.239/32 116.203.229.50/32 gre -P in ipsec esp/transport//require;