Differences between revisions 3 and 9 (spanning 6 versions)
Size: 555
Comment:
Revision 9 as of 2009-06-06 00:56:42
Size: 1520
Comment: converted to 1.6 markup
Line 1: | Line 1: |
[[TableOfContents]] | ## page was renamed from BackboneNetzwerk <<TableOfContents>> |
Line 3: | Line 4: |
== Format der Crypto Map Einträge am Cisco Border-GW == | = IPsec-AH am Cisco Border-GW = Gegeben ist die IP-Adresse (IPADDR) des Clients in der Form IP1.IP2.IP3.IP4. == Format der Access-Listen == |
Line 6: | Line 11: |
crypto map 0xff INDEX1 ipsec-manual set peer IPADDR set session-key inbound ah INDEX2 {40char-key1} set session-key outbound ah INDEX2 {40char-key2} set transform-set AH-Only match address INDEX3 |
access-list INDEX3 permit ip any host IPADDR |
Line 14: | Line 14: |
=== Berechnung der Index Variablen INDEX1, INDEX2 und INDEX3 === | == Format der Crypto Map Einträge == |
Line 16: | Line 16: |
Gegeben ist die IP-Adresse (IPADDR) in der Form IP1.IP2.IP3.IP4: | {{{ crypto map 0xff INDEX1 ipsec-manual set peer IPADDR set session-key inbound ah INDEX2 {40char-key1} set session-key outbound ah INDEX2 {40char-key2} set transform-set AH-Only match address INDEX3 }}} == Berechnung der Variablen INDEX1, INDEX2 und INDEX3 == |
Line 26: | Line 36: |
== Realisierung mit HTML::Template Perl Datenbank Backend == SQL String {{{ SELECT SUBSTR(ah_key_in,3) as ah_key_in, SUBSTR(ah_key_out,3) as ah_key_out, conv(SUBSTR(spi,3),16,10) as index2, (conv(SUBSTR(spi,3),16,10)-300) as index1, (1700+conv(SUBSTR(spi,3),16,10)) as index3, net.netip as ip FROM sa,net WHERE net.id=sa.net_id }}} {{{ <TMPL_LOOP NAME=table> access-list <TMPL_VAR NAME=index3> permit ip any host <TMPL_VAR NAME=ip> crypto map 0xff <TMPL_VAR NAME=index1> ipsec-manual set peer <TMPL_VAR NAME=ip> set session-key inbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_out> set session-key outbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_in> set transform-set AH-Only match address <TMPL_VAR NAME=index3> </TMPL_LOOP> }}} |
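Review bot: In the added HTML::Template block, "set session-key inbound ah" is filled from ah_key_out and "set session-key outbound ah" from ah_key_in, the reverse of what the column names suggest. If the database stores the keys from the client's point of view this is right for the gateway, but nothing on the page says so; add a sentence stating whose direction ah_key_in and ah_key_out refer to. The SQL also derives index1 and index3 from the stored spi (spi-300 and 1700+spi) rather than from IP3 and IP4 as the calculation section defines them, so a row whose spi does not match its netip produces a crypto map and access list number that disagree with the documented scheme; consider computing them from net.netip or checking that the two agree.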
IPsec-AH on the Cisco Border-GW
The client's IP address (IPADDR) is given in the form IP1.IP2.IP3.IP4.
Format of the access lists
{{{
access-list INDEX3 permit ip any host IPADDR
}}}
Format of the crypto map entries
{{{
crypto map 0xff INDEX1 ipsec-manual
 set peer IPADDR
 set session-key inbound ah INDEX2 {40char-key1}
 set session-key outbound ah INDEX2 {40char-key2}
 set transform-set AH-Only
 match address INDEX3
}}}
Calculation of the variables INDEX1, INDEX2 and INDEX3
INDEX1 = (IP3 - 150)*256 + IP4
INDEX2 = 300 + INDEX1
INDEX3 = 2000 + INDEX1
Implementation with HTML::Template (Perl) and a database backend
SQL string
{{{
-- SUBSTR(x,3) drops the first two characters of the stored value;
-- conv(...,16,10) turns the remaining hex SPI into decimal (INDEX2).
SELECT SUBSTR(ah_key_in,3) as ah_key_in,
       SUBSTR(ah_key_out,3) as ah_key_out,
       conv(SUBSTR(spi,3),16,10) as index2,
       (conv(SUBSTR(spi,3),16,10)-300) as index1,
       (1700+conv(SUBSTR(spi,3),16,10)) as index3,
       net.netip as ip
FROM sa,net
WHERE net.id=sa.net_id
}}}
{{{
<TMPL_LOOP NAME=table>
access-list <TMPL_VAR NAME=index3> permit ip any host <TMPL_VAR NAME=ip>
crypto map 0xff <TMPL_VAR NAME=index1> ipsec-manual
 set peer <TMPL_VAR NAME=ip>
 set session-key inbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_out>
 set session-key outbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_in>
 set transform-set AH-Only
 match address <TMPL_VAR NAME=index3>
</TMPL_LOOP>
}}}
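The SQL above takes all three indexes from the stored spi, while the calculation section defines them from the IP address. The following is an added example, not part of the original page or its Perl backend: a pre-render check that recomputes the indexes from the IP and rejects rows where the two disagree. Assumptions: the rows are constructed samples using the column names from the page's SQL, the two characters stripped by SUBSTR(x,3) are a "0x" prefix, and the number ranges are the usual IOS limits for crypto map sequence numbers (1-65535) and expanded extended access lists (2000-2699), which the page does not state.

```python
import ipaddress
import re

KEY_RE = re.compile(r"[0-9a-fA-F]{40}")  # {40char-key} on the page, assumed to be hex

# Constructed sample rows shaped like the page's sa/net join (not real keys).
# Assumption: stored spi and keys carry a two-character "0x" prefix.
SAMPLE_ROWS = [
    {"ip": "10.0.150.17", "spi": "0x13d", "ah_key_in": "0x" + "a1" * 20, "ah_key_out": "0x" + "b2" * 20},
    {"ip": "10.0.151.4", "spi": "0x13d", "ah_key_in": "0x" + "c3" * 20, "ah_key_out": "0x" + "d4" * 20},
    {"ip": "10.0.153.0", "spi": "0x42c", "ah_key_in": "0x" + "e5" * 20, "ah_key_out": "0x" + "f6" * 20},
]


def indexes_from_ip(ip):
    """INDEX1, INDEX2, INDEX3 as defined on the page for IP1.IP2.IP3.IP4."""
    octets = ipaddress.IPv4Address(ip).packed
    index1 = (octets[2] - 150) * 256 + octets[3]
    return index1, 300 + index1, 2000 + index1


def check_row(row):
    """Return a list of problems; an empty list means the row can be rendered."""
    problems = []
    index1, index2, index3 = indexes_from_ip(row["ip"])
    if not 1 <= index1 <= 65535:  # IOS crypto map sequence number range
        problems.append(f"INDEX1 {index1} is not a valid crypto map sequence number")
    if not 2000 <= index3 <= 2699:  # IOS expanded extended ACL range
        problems.append(f"INDEX3 {index3} is outside the extended ACL range 2000-2699")
    try:
        spi = int(row["spi"][2:], 16)  # same conversion as conv(SUBSTR(spi,3),16,10)
    except ValueError:
        spi = None
    if spi != index2:
        problems.append(f"stored spi {row['spi']} does not equal INDEX2 {index2} for {row['ip']}")
    for column in ("ah_key_in", "ah_key_out"):
        if not KEY_RE.fullmatch(row[column][2:]):
            problems.append(f"{column} is not 40 hex characters")
    return problems


if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(row["ip"], check_row(row) or "ok")
```

With INDEX3 = 2000 + INDEX1, the access list range limits the scheme to INDEX1 values up to 699, which the third sample row exceeds.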