- ! Cisco
- ! Cisco side (198.51.100.10) of an IKEv2 pre-shared-key tunnel to the peer at 203.0.113.113.
- ! IKE SA proposal: AES-CBC-256, SHA-256 integrity, DH group 14 (the same 2048-bit group the MikroTik section calls modp2048).
- crypto ikev2 proposal ike2.PROPOSAL
- encryption aes-cbc-256
- integrity sha256
- group 14
- !
- ! Policy offering only ike2.PROPOSAL.
- crypto ikev2 policy ike2.POLICY
- proposal ike2.PROPOSAL
- !
- ! Keyring: the single entry matches every peer address (0.0.0.0 0.0.0.0), so the same key applies to any peer looked up here.
- ! NOTE(review): only one remote (203.0.113.113) appears in this config; narrowing the address to that host would limit where the key is accepted - confirm no other peers rely on the wildcard.
- ! NOTE(review): key.Secret looks like a placeholder; a real deployment needs a long random key, identical on both ends.
- crypto ikev2 keyring ike2.KEYRING
- peer peers.ALL
- address 0.0.0.0 0.0.0.0
- pre-shared-key local key.Secret
- pre-shared-key remote key.Secret
- !
- !
- !
- ! IKEv2 profile: accepts only the remote identity 203.0.113.113/32, presents 198.51.100.10 as the local identity,
- ! and uses pre-shared-key authentication in both directions with keys from ike2.KEYRING.
- ! dpd 10 2 on-demand: 10 s interval, 2 s retry, probes sent on demand rather than periodically.
- crypto ikev2 profile ike2.PROFILE
- match identity remote address 203.0.113.113 255.255.255.255
- identity local address 198.51.100.10
- authentication local pre-share
- authentication remote pre-share
- keyring local ike2.KEYRING
- dpd 10 2 on-demand
- !
- !
- ! ESP transform: AES-256 with SHA-256 HMAC, tunnel mode.
- crypto ipsec transform-set ips.TSET esp-aes 256 esp-sha256-hmac
- mode tunnel
- !
- !
- ! IPsec profile binding the transform set to the IKEv2 profile.
- ! NOTE(review): no "set pfs" line here, while the MikroTik proposal sets pfs-group=modp2048 - confirm child-SA rekeys succeed, or add a matching group 14 PFS setting.
- crypto ipsec profile ips.TUNNEL0
- set transform-set ips.TSET
- set ikev2-profile ike2.PROFILE
- !
- ! Tunnel interface: 172.16.10.1/30 inside address, public endpoints as source and destination, protected by ips.TUNNEL0.
- ! No "tunnel mode" line is given, so the platform default applies (presumably GRE, matching the MikroTik /interface gre - verify).
- interface Tunnel0
- ip address 172.16.10.1 255.255.255.252
- tunnel source 198.51.100.10
- tunnel destination 203.0.113.113
- tunnel protection ipsec profile ips.TUNNEL0
- !
- # Mikrotik
- # MikroTik side (203.0.113.113) of the tunnel to the Cisco router at 198.51.100.10.
- # NOTE(review): the "/ip ipsec peer profile" menu and a secret set directly on the peer look like older RouterOS v6 syntax - confirm against the installed version.
- # Phase 1 profile: modp2048, AES-256, SHA-256, matching the Cisco ike2.PROPOSAL.
- # dpd-interval=30s differs from the Cisco "dpd 10 2 on-demand"; each side runs its own timer.
- /ip ipsec peer profile
- add dh-group=modp2048 dpd-interval=30s enc-algorithm=aes-256 hash-algorithm=sha256 name=prof.PHASE1-STRONG
- # Phase 2 proposal: AES-256-CBC with SHA-256, 1 h lifetime, PFS with modp2048.
- # NOTE(review): the Cisco ips.TUNNEL0 profile has no "set pfs" line - confirm rekeying works with PFS enabled only on this side.
- /ip ipsec proposal
- add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=1h name=prop.STRONG pfs-group=modp2048
- # Peer: IKEv2 to the Cisco public address only (/32), authenticated with the shared secret.
- # NOTE(review): key.Secret looks like a placeholder; use a long random key identical to the Cisco keyring entry.
- /ip ipsec peer
- add address=198.51.100.10/32 exchange-mode=ike2 profile=prof.PHASE1-STRONG secret=key.Secret
- # Policy: tunnel-mode SA between the two public addresses (/32 to /32).
- # No protocol= is given, so the policy is not limited to GRE - presumably all traffic between the two hosts matches; verify this is intended and that the selectors agree with what the Cisco side proposes.
- /ip ipsec policy
- add dst-address=198.51.100.10/32 proposal=prop.STRONG sa-dst-address=198.51.100.10 sa-src-address=203.0.113.113 src-address=203.0.113.113/32 tunnel=yes
- # GRE interface between the public addresses, fast path off and keepalive unset (!keepalive).
- # No IPsec setting appears on the interface itself, so encryption of the GRE packets depends on the policy above.
- /interface gre
- add allow-fast-path=no !keepalive local-address=203.0.113.113 name=gre.ipsec.MYTUNNEL0 remote-address=198.51.100.10
- # Inside address 172.16.10.2/30, the other end of the Cisco Tunnel0 (172.16.10.1).
- /ip address
- add address=172.16.10.2/30 interface=gre.ipsec.MYTUNNEL0 network=172.16.10.0