Advertisement
Guest User

Untitled

a guest
Jan 16th, 2020
225
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.77 KB | None | 0 0
  1. /ip ipsec profile
  2. add dh-group=modp1048 enc-algorithm=aes-128 name=ike1-RnD
  3. /ip ipsec proposal
  4. add enc-algorithms=aes-128-cbc name=ike1-RnD pfs-group=modp1048
  5.  
  6.  
  7. /ip ipsec peer add address=83.221.207.999/32 local-address=95.174.102.999 name=ike1-RnD profile=ike1-RnD
  8.  
  9. /ip ipsec identity add peer=ike1-RnD secret=MYPSKKEY
  10.  
  11. /ip ipsec policy
  12. add src-address=192.168.0.0/22 src-port=any dst-address=192.168.8.0/23 dst-port=any tunnel=yes action=encrypt proposal=ike1-RnD peer=ike1-RnD
  13.  
  14.  
  15.  
  16.  
  17. "ike-group": {
  18. "IKE_95.174.102.999": {
  19. "key-exchange": "ikev1",
  20. "lifetime": "28800",
  21. "proposal": {
  22. "1": {
  23. "dh-group": 2,
  24. "encryption": "aes128",
  25. "hash": "sha1"
  26. }
  27. }
  28. }
  29. },
  30. "ipsec-interfaces": {
  31. "interface": [
  32. "pppoe0",
  33. "pppoe1"
  34. ]
  35. },
  36. "nat-networks": {
  37. "allowed-network": {
  38. "0.0.0.0/0": "''"
  39. }
  40. },
  41. "nat-traversal": "enable",
  42. "site-to-site": {
  43. "peer": {
  44. "95.174.102.999": {
  45. "authentication": {
  46. "mode": "pre-shared-secret",
  47. "pre-shared-secret": "MYPSKKEY"
  48. },
  49. "connection-type": "initiate",
  50. "ike-group": "IKE_95.174.102.999",
  51. "local-address": "83.221.207.999",
  52. "vti": {
  53. "bind": "vti64",
  54. "esp-group": "ESP_95.174.102.999"
  55. }
  56. }
  57. }
  58. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement