Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /ip ipsec profile
- add dh-group=modp1048 enc-algorithm=aes-128 name=ike1-RnD
- /ip ipsec proposal
- add enc-algorithms=aes-128-cbc name=ike1-RnD pfs-group=modp1048
- /ip ipsec peer add address=83.221.207.999/32 local-address=95.174.102.999 name=ike1-RnD profile=ike1-RnD
- /ip ipsec identity add peer=ike1-RnD secret=MYPSKKEY
- /ip ipsec policy
- add src-address=192.168.0.0/22 src-port=any dst-address=192.168.8.0/23 dst-port=any tunnel=yes action=encrypt proposal=ike1-RnD peer=ike1-RnD
- "ike-group": {
- "IKE_95.174.102.999": {
- "key-exchange": "ikev1",
- "lifetime": "28800",
- "proposal": {
- "1": {
- "dh-group": 2,
- "encryption": "aes128",
- "hash": "sha1"
- }
- }
- }
- },
- "ipsec-interfaces": {
- "interface": [
- "pppoe0",
- "pppoe1"
- ]
- },
- "nat-networks": {
- "allowed-network": {
- "0.0.0.0/0": "''"
- }
- },
- "nat-traversal": "enable",
- "site-to-site": {
- "peer": {
- "95.174.102.999": {
- "authentication": {
- "mode": "pre-shared-secret",
- "pre-shared-secret": "MYPSKKEY"
- },
- "connection-type": "initiate",
- "ike-group": "IKE_95.174.102.999",
- "local-address": "83.221.207.999",
- "vti": {
- "bind": "vti64",
- "esp-group": "ESP_95.174.102.999"
- }
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement