User Tools

Site Tools


crypto keyring CISICO 

crypto isakmp policy 30
 encr aes 256
 hash sha
 authentication pre-share
 group 1

crypto isakmp key 6 S[h]AH][Hcb\`aYPgB]HbY\^_ViYUOAAB address 116.203.229.50

crypto isakmp keepalive 10

crypto ipsec transform-set TS-02 esp-aes 256 esp-sha-hmac 
 mode transport

crypto ipsec profile IPPRO-01
 set security-association lifetime seconds 86400
 set transform-set TS-02 

interface Tunnel7
 description CISICO--V7
 ip address 10.8.5.2 255.255.255.252
 ip tcp adjust-mss 1420
 tunnel source Dialer0
 tunnel destination 116.203.229.50
 tunnel protection ipsec profile IPPRO-01
racoon.conf
path pre_shared_key  "/usr/local/etc/racoon/psk.txt";
log debug;
 
padding {
  maximum_length 20;
  randomize off;
  strict_check off;
  exclusive_tail off;
}
 
remote anonymous {
    exchange_mode aggressive, main;
    lifetime time 1 hour;
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 1;
     }
}
 
sainfo anonymous {
    pfs_group 1;
    lifetime time 1 hour;
    encryption_algorithm aes 256;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
ipsec.conf
flush;
spdflush;
 
spdadd 116.203.229.50/32 78.36.201.239/32 gre -P out ipsec esp/transport//require;
spdadd 78.36.201.239/32 116.203.229.50/32 gre -P in ipsec esp/transport//require;