Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment

Locked History Actions

IPsecBackBone

Contents

  1. IPsec-AH am Cisco Border-GW
    1. Format der Access-Listen
    2. Format der Crypto Map Einträge
    3. Berechnung der Variablen INDEX1, INDEX2 und INDEX3
    4. Realisierung mit HTML::Template Perl Datenbank Backend

IPsec-AH am Cisco Border-GW

Gegeben ist die IP-Adresse (IPADDR) des Clients in der Form IP1.IP2.IP3.IP4.

Format der Access-Listen

  access-list INDEX3 permit ip any host IPADDR

Format der Crypto Map Einträge

  crypto map 0xff INDEX1 ipsec-manual 
     set peer IPADDR
     set session-key inbound ah INDEX2 {40char-key1}
     set session-key outbound ah INDEX2 {40char-key2}
     set transform-set AH-Only 
     match address INDEX3

Berechnung der Variablen INDEX1, INDEX2 und INDEX3

  INDEX1 = (IP3 - 150)*256 + IP4 

  INDEX2 = 300 + INDEX1

  INDEX3 = 2000 + INDEX1

Realisierung mit HTML::Template Perl Datenbank Backend

SQL String 

SELECT SUBSTR(ah_key_in,3) as ah_key_in, SUBSTR(ah_key_out,3) as ah_key_out, conv(SUBSTR(spi,3),16,10) as index2, (conv(SUBSTR(spi,3),16,10)-300) as index1, (1700+conv(SUBSTR(spi,3),16,10)) as index3, net.netip as ip  FROM sa,net WHERE net.id=sa.net_id

<TMPL_LOOP NAME=table>
access-list <TMPL_VAR NAME=index3> permit ip any host <TMPL_VAR NAME=ip>
crypto map 0xff <TMPL_VAR NAME=index1> ipsec-manual
   set peer <TMPL_VAR NAME=ip>
   set session-key inbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_out>
   set session-key outbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_in>
   set transform-set AH-Only
   match address <TMPL_VAR NAME=index3>
</TMPL_LOOP>