Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # aug/07/2022 16:41:29 by RouterOS 6.48.6
- #
- # model = RB1100x4
- /ip ipsec policy group add name=ike2-gre
- /ip ipsec profile set [ find default=yes ] dh-group=modp2048,modp1536,modp1024 enc-algorithm=aes-256,aes-128
- /ip ipsec profile add dh-group=ecp256,modp2048,modp1024 enc-algorithm=aes-256,aes-192,aes-128 name=ike2
- /ip ipsec peer add address=213.208.176.94/32 exchange-mode=ike2 local-address=212.34.59.34 name=gre_avto1_yasen1 passive=yes profile=ike2 send-initial-contact=no
- /ip ipsec peer add address=213.208.176.94/32 disabled=yes exchange-mode=ike2 local-address=81.211.58.206 name=gre_avto2_yasen1 passive=yes profile=ike2 send-initial-contact=no
- /ip ipsec peer add address=194.154.89.198/32 exchange-mode=ike2 local-address=81.211.58.206 name=gre_avto2_kry2 passive=yes profile=ike2 send-initial-contact=no
- /ip ipsec peer add address=95.131.179.206/32 exchange-mode=ike2 local-address=212.34.59.34 name=gre_avto1_kry1 passive=yes profile=ike2 send-initial-contact=no
- /ip ipsec peer add address=91.143.47.34/32 exchange-mode=ike2 local-address=212.34.59.34 name=gre_avto1_him1 passive=yes profile=ike2 send-initial-contact=no
- /ip ipsec peer add address=87.255.26.72/32 exchange-mode=ike2 local-address=81.211.58.206 name=gre_avto2_him2 passive=yes profile=ike2 send-initial-contact=no
- /ip ipsec peer add address=62.141.79.173/32 exchange-mode=ike2 local-address=81.211.58.206 name=gre_avto2_yasen2 passive=yes profile=ike2 send-initial-contact=no
- /ip ipsec proposal set [ find default=yes ] auth-algorithms=sha512,sha256,sha1 enc-algorithms=aes-256-cbc,aes-256-ctr,aes-256-gcm,aes-192-cbc,aes-192-ctr,aes-192-gcm,aes-128-cbc,aes-128-ctr,aes-128-gcm
- /ip ipsec proposal add name=ike2-gre pfs-group=none
- /ip ipsec identity add comment=gre_avto2_kry2 generate-policy=port-strict peer=gre_avto2_kry2 policy-template-group=ike2-gre
- /ip ipsec identity add generate-policy=port-strict peer=gre_avto1_kry1 policy-template-group=ike2-gre
- /ip ipsec identity add comment=gre_avto2_him2 generate-policy=port-strict peer=gre_avto2_him2 policy-template-group=ike2-gre
- /ip ipsec identity add comment=gre_avto1_him1 generate-policy=port-strict peer=gre_avto1_him1 policy-template-group=ike2-gre
- /ip ipsec identity add comment=gre_avto1_yasen1 generate-policy=port-strict peer=gre_avto1_yasen1 policy-template-group=ike2-gre
- /ip ipsec identity add comment=gre_avto2_yasen2 generate-policy=port-strict peer=gre_avto2_yasen2 policy-template-group=ike2-gre
- /ip ipsec identity add generate-policy=port-strict peer=gre_avto2_yasen1 policy-template-group=ike2-gre
- /ip ipsec policy set 0 dst-address=0.0.0.0/0 src-address=0.0.0.0/0
- /ip ipsec policy add dst-address=95.131.179.206/32 peer=gre_avto1_kry1 proposal=ike2-gre protocol=gre src-address=212.34.59.34/32
- /ip ipsec policy add dst-address=194.154.89.198/32 peer=gre_avto2_kry2 proposal=ike2-gre protocol=gre src-address=81.211.58.206/32
- /ip ipsec policy add dst-address=91.143.47.34/32 peer=gre_avto1_him1 proposal=ike2-gre protocol=gre src-address=212.34.59.34/32
- /ip ipsec policy add dst-address=87.255.26.72/32 peer=gre_avto2_him2 proposal=ike2-gre protocol=gre src-address=81.211.58.206/32
- /ip ipsec policy add dst-address=213.208.176.94/32 peer=gre_avto1_yasen1 proposal=ike2-gre protocol=gre src-address=212.34.59.34/32
- /ip ipsec policy add dst-address=62.141.79.173/32 peer=gre_avto2_yasen2 proposal=ike2-gre protocol=gre src-address=81.211.58.206/32
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
