IPsec-AH on the Cisco border gateway

The client's IP address (IPADDR) is given in the form IP1.IP2.IP3.IP4.

Format of the access lists

  access-list INDEX3 permit ip any host IPADDR

Format of the crypto map entries

  crypto map 0xff INDEX1 ipsec-manual
     set peer IPADDR
     set session-key inbound ah INDEX2 {40char-key1}
     set session-key outbound ah INDEX2 {40char-key2}
     set transform-set AH-Only
     match address INDEX3

Calculation of the variables INDEX1, INDEX2 and INDEX3

  INDEX1 = (IP3 - 150)*256 + IP4

  INDEX2 = 300 + INDEX1

  INDEX3 = 2000 + INDEX1

Implementation with HTML::Template (Perl) and a database backend

SQL string

SELECT SUBSTR(ah_key_in,3) as ah_key_in,
       SUBSTR(ah_key_out,3) as ah_key_out,
       conv(SUBSTR(spi,3),16,10) as index2,
       (conv(SUBSTR(spi,3),16,10)-300) as index1,
       (1700+conv(SUBSTR(spi,3),16,10)) as index3,
       net.netip as ip
  FROM sa,net
 WHERE net.id=sa.net_id

<TMPL_LOOP NAME=table>
access-list <TMPL_VAR NAME=index3> permit ip any host <TMPL_VAR NAME=ip>
crypto map 0xff <TMPL_VAR NAME=index1> ipsec-manual
   set peer <TMPL_VAR NAME=ip>
   set session-key inbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_out>
   set session-key outbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_in>
   set transform-set AH-Only
   match address <TMPL_VAR NAME=index3>
</TMPL_LOOP>
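The following Python script is an added example and not part of the page's own Perl/HTML::Template setup. It implements the INDEX1/INDEX2/INDEX3 formulas from the client address, mirrors the arithmetic the SQL string performs on the stored SPI, checks that both agree for a database row, and renders the same access-list and crypto-map lines the template produces (including the template's use of ah_key_out for the router's inbound direction). It assumes, as the SUBSTR(...,3) in the SQL suggests, that spi and the two keys are stored as "0x"-prefixed hex strings, that keys are 40 hex characters (a 160-bit HMAC-SHA1 key), and that the client network's third octet starts at 150 so INDEX1 is never negative; the sample row, the column names beyond those in the SQL, and the 2699 upper bound (the end of the IOS extended numbered ACL range 2000-2699) are the author's own additions to the page.

```python
"""Index derivation, consistency check and rendering for the manually keyed
IPsec-AH crypto-map scheme (added example; assumptions are marked)."""
import ipaddress
import re

BASE_OCTET3 = 150   # third octet at which INDEX1 starts counting (page)
SPI_OFFSET = 300    # INDEX2 = 300 + INDEX1; keeps SPIs above the reserved 1-255 range
ACL_OFFSET = 2000   # INDEX3 = 2000 + INDEX1 (page); SQL writes it as 1700 + INDEX2
ACL_MAX = 2699      # end of the IOS extended numbered ACL range (assumption, not on the page)
KEY_HEX_LEN = 40    # "40char-key" on the page; 160-bit key, hex encoded (assumption)


def indices_from_ip(ipaddr: str) -> dict:
    """Compute INDEX1..3 from IP1.IP2.IP3.IP4 using the page's formulas."""
    _ip1, _ip2, ip3, ip4 = ipaddress.IPv4Address(ipaddr).packed  # rejects malformed input
    if ip3 < BASE_OCTET3:
        raise ValueError(f"{ipaddr}: third octet {ip3} is below the base {BASE_OCTET3}")
    index1 = (ip3 - BASE_OCTET3) * 256 + ip4
    return {"index1": index1, "index2": SPI_OFFSET + index1, "index3": ACL_OFFSET + index1}


def indices_from_sa_row(row: dict) -> dict:
    """Mirror the SQL: index2 = conv(SUBSTR(spi,3),16,10), index1 = index2 - 300,
    index3 = 1700 + index2 (which equals 2000 + index1)."""
    index2 = int(row["spi"][2:], 16)            # SUBSTR(spi,3) strips the assumed "0x"
    return {"index1": index2 - SPI_OFFSET,
            "index2": index2,
            "index3": index2 + (ACL_OFFSET - SPI_OFFSET)}


def check_row(row: dict) -> list:
    """Return a list of problems for one sa/net row (empty list means consistent)."""
    problems = []
    by_ip = indices_from_ip(row["netip"])
    by_spi = indices_from_sa_row(row)
    if by_ip != by_spi:
        problems.append(f"spi {row['spi']} does not match {row['netip']} "
                        f"(formula expects 0x{by_ip['index2']:x})")
    if by_ip["index3"] > ACL_MAX:
        problems.append(f"index3 {by_ip['index3']} exceeds extended ACL range {ACL_MAX}")
    for name in ("ah_key_in", "ah_key_out"):
        if not re.fullmatch(r"0x[0-9a-fA-F]{%d}" % KEY_HEX_LEN, row[name]):
            problems.append(f"{name} is not 0x followed by {KEY_HEX_LEN} hex characters")
    if row["ah_key_in"] == row["ah_key_out"]:
        problems.append("inbound and outbound AH keys are identical")
    return problems


def render_entry(row: dict) -> str:
    """Render the lines the HTML::Template loop body emits for one row.
    As in the template, the router's inbound key is taken from ah_key_out."""
    idx = indices_from_sa_row(row)
    ip = row["netip"]
    key_in, key_out = row["ah_key_in"][2:], row["ah_key_out"][2:]
    return "\n".join([
        f"access-list {idx['index3']} permit ip any host {ip}",
        f"crypto map 0xff {idx['index1']} ipsec-manual",
        f"   set peer {ip}",
        f"   set session-key inbound ah {idx['index2']} {key_out}",
        f"   set session-key outbound ah {idx['index2']} {key_in}",
        "   set transform-set AH-Only",
        f"   match address {idx['index3']}",
    ])


# Constructed sample row (not from the page): 10.0.151.7 -> INDEX1 = 1*256 + 7 = 263,
# INDEX2 = 563 = 0x233, INDEX3 = 2263.
SAMPLE_ROW = {
    "netip": "10.0.151.7",
    "spi": "0x233",
    "ah_key_in": "0x0123456789abcdef0123456789abcdef01234567",
    "ah_key_out": "0xfedcba9876543210fedcba9876543210fedcba98",
}

if __name__ == "__main__":
    print(check_row(SAMPLE_ROW) or "row consistent")
    print(render_entry(SAMPLE_ROW))
```

Running check_row over every row returned by the SQL string before pushing the rendered configuration catches the two failure modes this scheme is prone to: an SPI that was stored for the wrong address (the access list and crypto map would then point at different hosts) and an ACL number outside the extended range, which IOS rejects.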