====== IPsec AH on the Cisco Border GW ======
The client's IP address (IPADDR) is given in the form IP1.IP2.IP3.IP4.
===== Format of the Access Lists =====
access-list INDEX3 permit ip any host IPADDR
===== Format of the Crypto Map Entries =====
crypto map 0xff INDEX1 ipsec-manual
set peer IPADDR
set session-key inbound ah INDEX2 {40char-key1}
set session-key outbound ah INDEX2 {40char-key2}
set transform-set AH-Only
match address INDEX3
===== Calculation of the Variables INDEX1, INDEX2 and INDEX3 =====
INDEX1 = (IP3 - 150)*256 + IP4
INDEX2 = 300 + INDEX1
INDEX3 = 2000 + INDEX1
===== Implementation with HTML::Template, Perl and a Database Backend =====
SQL string:
SELECT SUBSTR(ah_key_in,3) AS ah_key_in,
       SUBSTR(ah_key_out,3) AS ah_key_out,
       CONV(SUBSTR(spi,3),16,10) AS index2,
       (CONV(SUBSTR(spi,3),16,10)-300) AS index1,
       (1700+CONV(SUBSTR(spi,3),16,10)) AS index3,
       net.netip AS ip
FROM sa, net
WHERE net.id=sa.net_id
access-list permit ip any host
crypto map 0xff ipsec-manual
set peer
set session-key inbound ah
set session-key outbound ah
set transform-set AH-Only
match address
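
The index formulas and the SQL query above derive the same three numbers from two different inputs (the client address and the stored SPI). The following is an added example, not part of the original page or its Perl backend: it computes the indices both ways, refuses a database row where they disagree, and renders the stanza. It assumes the stored `spi` and key columns are `0x`-prefixed hex strings (suggested by `SUBSTR(...,3)` and `conv(...,16,10)`) and that `ip` is a dotted-quad host address; the function names and the sample row are made up for the example.

```python
import ipaddress

CRYPTO_MAP = "0xff"  # crypto map name used on the page

def indices_from_ip(ipaddr):
    """INDEX1, INDEX2, INDEX3 from the client address (the page's formulas)."""
    octets = ipaddress.IPv4Address(ipaddr).packed  # raises on malformed input
    if octets[2] < 150:
        raise ValueError("IP3 below 150 gives a negative INDEX1")
    index1 = (octets[2] - 150) * 256 + octets[3]
    return index1, 300 + index1, 2000 + index1

def unhex(value, length=None):
    """SUBSTR(value, 3): drop the assumed '0x' prefix and validate the hex body."""
    body = value[2:]
    if value[:2] != "0x" or not body or set(body) - set("0123456789abcdefABCDEF"):
        raise ValueError("expected 0x-prefixed hex, got %r" % value)
    if length is not None and len(body) != length:
        raise ValueError("expected %d hex characters" % length)
    return body

def indices_from_spi(spi):
    """Same triple as the SQL derives from the stored SPI, which equals INDEX2."""
    index2 = int(unhex(spi), 16)          # conv(SUBSTR(spi,3),16,10)
    return index2 - 300, index2, 1700 + index2

def render(row):
    """Render one client's stanza; refuse rows whose SPI disagrees with the IP."""
    index1, index2, index3 = indices_from_spi(row["spi"])
    if (index1, index2, index3) != indices_from_ip(row["ip"]):
        raise ValueError("SPI %s does not match address %s" % (row["spi"], row["ip"]))
    key_in = unhex(row["ah_key_in"], 40)    # {40char-key1}
    key_out = unhex(row["ah_key_out"], 40)  # {40char-key2}
    return "\n".join([
        "access-list %d permit ip any host %s" % (index3, row["ip"]),
        "crypto map %s %d ipsec-manual" % (CRYPTO_MAP, index1),
        "set peer %s" % row["ip"],
        "set session-key inbound ah %d %s" % (index2, key_in),
        "set session-key outbound ah %d %s" % (index2, key_out),
        "set transform-set AH-Only",
        "match address %d" % index3,
    ])

# Constructed sample row (address and keys are made up for the example).
SAMPLE_ROW = {"ip": "10.0.151.7", "spi": "0x233",
              "ah_key_in": "0x" + "a1" * 20, "ah_key_out": "0x" + "b2" * 20}

if __name__ == "__main__":
    print(render(SAMPLE_ROW))
```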