Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # racoon.conf for use with Check Point VPN-1/Firewall-1
- #
- # search this file for pre_shared_key with various ID key.
- #
- path pre_shared_key "/etc/racoon/psk.txt" ;
- log debug;
- #
- # "padding" defines some parameter of padding. You should not touch these.
- #
- padding {
- maximum_length 20; # maximum padding length.
- randomize off; # enable randomize length.
- strict_check off; # enable strict check.
- exclusive_tail off; # extract last one octet.
- }
- listen {
- #isakmp ::1 [7000];
- #isakmp 0.0.0.0 [500];
- #admin [7002]; # administrative port by kmpstat.
- #strict_address; # required all addresses must be bound.
- }
- #
- # Specification of default various timers.
- #
- timer {
- #
- # These values can be changed per remote node.
- #
- counter 5; # maximum trying count to send.
- interval 20 sec; # maximum interval to resend.
- persend 1; # the number of packets per a send.
- #
- # timer for waiting to complete each phase.
- #
- phase1 30 sec;
- phase2 15 sec;
- }
- remote 82.XXX.XXX.XXX {
- exchange_mode aggressive,main; # For Firewall-1 Aggressive mode
- #my_identifier address;
- #my_identifier user_fqdn "vpn_nbs@client.com";
- my_identifier address "194.XXX.XXX.XXX";
- peers_identifier address "82.XXX.XXX.XXX";
- #certificate_type x509 "" "";
- nat_traversal on;
- #script "/etc/racoon/vpn1-ipsec.sh" phase1_up;
- nonce_size 16;
- lifetime time 1 hour; # sec,min,hour
- # lifetime byte 5 MB; # B,KB,GB
- initial_contact on;
- # support_mip6 on;
- proposal_check obey; # obey, strict or claim
- proposal {
- encryption_algorithm 3des;
- hash_algorithm md5;
- authentication_method pre_shared_key;
- dh_group 2 ;
- }
- }
- sainfo anonymous {
- pfs_group 2;
- lifetime time 1 hour;
- # lifetime byte 50000 KB;
- encryption_algorithm 3des;
- authentication_algorithm hmac_sha1;
- compression_algorithm deflate ;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
