Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ! Cisco
- crypto isakmp policy 1
- encr aes 256
- hash sha256
- authentication pre-share
- group 14
- crypto isakmp key key.MYSUPERKEY address 0.0.0.0
- crypto isakmp keepalive 10
- !
- !
- crypto ipsec transform-set ipsec.MYTSET esp-aes 256 esp-sha256-hmac
- mode tunnel
- !
- !
- crypto ipsec profile ipspr.MYPROFILE
- set transform-set ipsec.MYTSET
- !
- !
- interface Tunnel0
- ip address 172.16.10.1 255.255.255.252
- tunnel source 198.51.100.10
- tunnel destination 203.0.113.113
- tunnel protection ipsec profile ipspr.MYPROFILE
- # Mikrotik
- /ip ipsec peer profile
- set [ find default=yes ] dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256
- /ip ipsec proposal
- set [ find default=yes ] auth-algorithms=sha256 disabled=yes enc-algorithms=aes-256-cbc pfs-group=modp2048
- /ip ipsec peer
- add address=198.51.100.10/32 secret=key.MYSUPERKEY
- /ip ipsec policy
- add dst-address=198.51.100.10/32 proposal=prop.STRONG sa-dst-address=198.51.100.10 sa-src-address=203.0.113.113 src-address=203.0.113.113/32 tunnel=yes
- /interface gre
- add allow-fast-path=no !keepalive local-address=203.0.113.113 name=gre.ipsec.MYTUNNEL0 remote-address=198.51.100.10
- /ip address
- add address=172.16.10.2/30 interface=gre.ipsec.MYTUNNEL0 network=172.16.10.0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
