crypto isakmp policy 20
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key Mykey address 0.0.0.0
!
crypto ipsec transform-set aes256_tr esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile mikrotik_pr
 set transform-set aes256_tr
 set pfs group2
!
interface Tunnel881021
 description Mik01-Center_SEC-PRI
 ip address 192.168.252.37 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1450
 ip ospf network point-to-point
 tunnel source 90.154.106.114
 tunnel mode ipip
 tunnel destination 62.105.149.228
 tunnel protection ipsec profile mikrotik_pr
!
router ospf 15
 router-id 192.168.253.11
 passive-interface default
 no passive-interface Tunnel881021
 network 192.168.252.36 0.0.0.3 area 0

/interface ipip
add !keepalive local-address=62.105.149.228 mtu=1450 name=Tunnel1 remote-address=90.154.106.114
/ip address
add address=192.168.252.38/30 interface=Tunnel1 network=192.168.252.36
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc
add enc-algorithms=aes-256-cbc name=AES-256
/ip ipsec peer
add address=90.154.106.114/32 enc-algorithm=aes-256 nat-traversal=no secret=OstecGPkey
/ip ipsec policy
add dst-address=90.154.106.114/32 proposal=AES-256 protocol=ipencap sa-dst-address=90.154.106.114 sa-src-address=62.105.149.228 src-address=62.105.149.228/32
/routing ospf network
add area=backbone network=192.168.252.36/30
add area=backbone network=192.168.88.0/24

Cisco:
interface Tunnel881021
 no tunnel protection ipsec profile mikrotik_pr

Mikrotik:
[vs@Mik01] > ip ipsec policy print
Flags: T - template, X - disabled, D - dynamic, I - inactive, * - default
 0 T * group=default src-address=::/0 dst-address=::/0 protocol=all proposal=default template=yes
 1     src-address=62.105.149.228/32 src-port=any dst-address=90.154.106.114/32 dst-port=any protocol=ipencap action=encrypt level=require ipsec-protocols=esp tunnel=no sa-src-address=62.105.149.228 sa-dst-address=90.154.106.114 proposal=AES-256 priority=0
[vs@Mik01] > ip ipsec policy disable 1