Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <VPNProfile>
- <NativeProfile>
- <Servers>public.vpn.server</Servers>
- <NativeProtocolType>IKEv2</NativeProtocolType>
- <Authentication>
- <MachineMethod>Certificate</MachineMethod>
- </Authentication>
- <CryptographySuite>
- <AuthenticationTransformConstants>SHA256128</AuthenticationTransformConstants>
- <CipherTransformConstants>AES256</CipherTransformConstants>
- <DHGroup>Group14</DHGroup>
- <EncryptionMethod>AES256</EncryptionMethod>
- <IntegrityCheckMethod>SHA256</IntegrityCheckMethod>
- <PfsGroup>PFS2048</PfsGroup>
- </CryptographySuite>
- <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
- <!-- disable the addition of a class based route for the assigned IP address on the VPN interface -->
- <DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>
- </NativeProfile>
- <!-- Routing - Hostrouten sind empfohlen! -->
- <!-- DNS Server -->
- <Route>
- <Address>10.50.56.33</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <Route>
- <Address>10.50.56.34</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <!-- Domain Controller -->
- <Route>
- <Address>100.10.2.13</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <Route>
- <Address>100.10.2.14</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <Route>
- <Address>10.50.57.13</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <Route>
- <Address>100.20.2.13</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <!-- DFS Server -->
- <Route>
- <Address>10.50.60.53</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <Route>
- <Address>10.50.60.54</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <!-- Fileserver -->
- <Route>
- <Address>10.50.60.67</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <Route>
- <Address>10.50.60.68</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <Route>
- <Address>10.50.60.69</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <!-- Baramundi -->
- <Route>
- <Address>10.50.60.88</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <!-- WSUS -->
- <Route>
- <Address>10.50.60.126</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <!-- ESET -->
- <Route>
- <Address>10.50.63.72</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <!-- WPAD / EMSL -->
- <Route>
- <Address>10.50.63.45</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <!-- SUB CA -->
- <Route>
- <Address>10.50.60.47</Address>
- <PrefixSize>32</PrefixSize>
- </Route>
- <!-- traffic filters for the routes specified above so that only this traffic can go over the device tunnel
- <TrafficFilter>
- <RemoteAddressRanges>100.10.2.13,100.10.2.14,10.50.57.13,100.20.2.13,10.50.60.88,10.50.60.126,10.50.63.72,10.50.63.45</RemoteAddressRanges>
- </TrafficFilter> -->
- <!-- need to specify always on = true -->
- <AlwaysOn>true</AlwaysOn>
- <!-- new node to specify that this is a device tunnel -->
- <DeviceTunnel>true</DeviceTunnel>
- <!--new node to register client IP address in DNS to enable manage out -->
- <RegisterDNS>true</RegisterDNS>
- <!-- inside/outside detection -->
- <TrustedNetworkDetection>network.local</TrustedNetworkDetection>
- </VPNProfile>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement