## page was renamed from BackboneNetzwerk
<<TableOfContents>>

= IPsec-AH am Cisco Border-GW =

Gegeben ist die IP-Adresse (IPADDR) des Clients in der Form IP1.IP2.IP3.IP4.

== Format der Access-Listen ==

{{{
  access-list INDEX3 permit ip any host IPADDR
}}}

== Format der Crypto Map Einträge ==

{{{
  crypto map 0xff INDEX1 ipsec-manual 
     set peer IPADDR
     set session-key inbound ah INDEX2 {40char-key1}
     set session-key outbound ah INDEX2 {40char-key2}
     set transform-set AH-Only 
     match address INDEX3
}}}

== Berechnung der Variablen INDEX1, INDEX2 und INDEX3 ==

{{{
  INDEX1 = (IP3 - 150)*256 + IP4 
}}}
{{{ 
  INDEX2 = 300 + INDEX1
}}}
{{{
  INDEX3 = 2000 + INDEX1
}}}

== Realisierung mit HTML::Template Perl Datenbank Backend ==

SQL String
{{{
SELECT SUBSTR(ah_key_in,3) as ah_key_in, SUBSTR(ah_key_out,3) as ah_key_out, conv(SUBSTR(spi,3),16,10) as index2, (conv(SUBSTR(spi,3),16,10)-300) as index1, (1700+conv(SUBSTR(spi,3),16,10)) as index3, net.netip as ip  FROM sa,net WHERE net.id=sa.net_id
}}}

{{{
<TMPL_LOOP NAME=table>
access-list <TMPL_VAR NAME=index3> permit ip any host <TMPL_VAR NAME=ip>
crypto map 0xff <TMPL_VAR NAME=index1> ipsec-manual
   set peer <TMPL_VAR NAME=ip>
   set session-key inbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_out>
   set session-key outbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_in>
   set transform-set AH-Only
   match address <TMPL_VAR NAME=index3>
</TMPL_LOOP>
}}}