Differences between revisions 3 and 4
Size: 555
Comment:
|
Size: 683
Comment: added access-list for Cisco crypto-map
|
Deletions are marked like this. | Additions are marked like this. |
Line 6: | Line 6: |
crypto map 0xff INDEX1 ipsec-manual set peer IPADDR set session-key inbound ah INDEX2 {40char-key1} set session-key outbound ah INDEX2 {40char-key2} set transform-set AH-Only match address INDEX3 |
crypto map 0xff INDEX1 ipsec-manual set peer IPADDR set session-key inbound ah INDEX2 {40char-key1} set session-key outbound ah INDEX2 {40char-key2} set transform-set AH-Only match address INDEX3 |
Line 14: | Line 14: |
=== Berechnung der Index Variablen INDEX1, INDEX2 und INDEX3 === | == Format der Access-Listen für IPsec am Border-GW == {{{ access-list INDEX3 permit ip any host IPADDR }}} == Berechnung der Index Variablen INDEX1, INDEX2 und INDEX3 == |
Format der Crypto Map Einträge am Cisco Border-GW
crypto map 0xff INDEX1 ipsec-manual set peer IPADDR set session-key inbound ah INDEX2 {40char-key1} set session-key outbound ah INDEX2 {40char-key2} set transform-set AH-Only match address INDEX3
Format der Access-Listen für IPsec am Border-GW
access-list INDEX3 permit ip any host IPADDR
Berechnung der Index Variablen INDEX1, INDEX2 und INDEX3
Gegeben ist die IP-Adresse (IPADDR) in der Form IP1.IP2.IP3.IP4:
INDEX1 = (IP3 - 150)*256 + IP4
INDEX2 = 300 + INDEX1
INDEX3 = 2000 + INDEX1