Add the following to /etc/strongswan/ipsec.conf:
conn lifecell
    keyexchange=ikev1
    left=1.2.3.4 # your outside IP
    leftsubnet=172.30.255.60/30 # private network provided by lifecell
    right=212.58.161.164
    rightsubnet=212.58.162.208/32
    ike=aes128-sha1-modp1024!
    ikelifetime=24h
    esp=aes128-sha1!
    keyingtries=0
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    authby=secret
    auto=start
    type=tunnel
conn lifecell1
    also=lifecell
    rightsubnet=212.58.162.209/32
    auto=start
conn lifecell2
    also=lifecell
    rightsubnet=212.58.162.210/32
    auto=start

Add the following to /etc/strongswan/ipsec.secrets:
1.2.3.4 212.58.161.164 : PSK "_pre_shared_key_"


Create the file /etc/ipsec.d/lifecell.conf:
conn lifecell
    keyexchange=ikev1
    left=1.2.3.4 # your outside IP
    leftsubnet=172.30.255.60/30 # private network provided by lifecell
    right=212.58.161.164
    rightsubnets={212.58.162.208/32,212.58.162.209/32,212.58.162.210/32}
    ike=aes128-sha1-modp1024!
    ikelifetime=24h
    esp=aes128-sha1!
    keyingtries=0
    lifetime=8h
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    authby=secret
    auto=up
    type=tunnel

Create the file /etc/ipsec.d/lifecell.secrets with the following content:
1.2.3.4 212.58.161.164 : PSK "_pre_shared_key_"
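
Both ipsec.conf variants above are meant to negotiate the same three tunnels, one written with also= inheritance and one with rightsubnets={...}. The following check is an added example, not part of the original page: it expands each style into its (local, remote) traffic selector pairs so the two can be compared. The parser is a simplified assumption (no include or %default handling), and the helper names parse_conns, resolve and selectors are hypothetical.

```python
from ipaddress import ip_network

# Constructed, abbreviated copies of the two ipsec.conf variants on this page.
ALSO_STYLE = """
conn lifecell
    leftsubnet=172.30.255.60/30 # private network provided by lifecell
    rightsubnet=212.58.162.208/32
conn lifecell1
    also=lifecell
    rightsubnet=212.58.162.209/32
conn lifecell2
    also=lifecell
    rightsubnet=212.58.162.210/32
"""
SUBNETS_STYLE = """
conn lifecell
    leftsubnet=172.30.255.60/30
    rightsubnets={212.58.162.208/32,212.58.162.209/32,212.58.162.210/32}
"""

def parse_conns(text):
    """Return {conn name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def resolve(conns, name, seen=()):
    """Apply also= inheritance: a conn's own keys override inherited ones."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = dict(conns[name])
    parent = own.pop("also", None)
    inherited = resolve(conns, parent, seen + (name,)) if parent else {}
    return {**inherited, **own}

def selectors(text):
    """Set of (local, remote) networks the configuration would negotiate."""
    conns, pairs = parse_conns(text), set()
    for name in conns:
        conn = resolve(conns, name)
        remotes = conn.get("rightsubnets", conn.get("rightsubnet", ""))
        for remote in remotes.strip("{}").replace(",", " ").split():
            pairs.add((ip_network(conn["leftsubnet"]), ip_network(remote)))
    return pairs
```

Comparing selectors(ALSO_STYLE) with selectors(SUBNETS_STYLE) catches a subnet that was added to one variant but not the other before the peer rejects the Quick Mode proposal.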


crypto isakmp policy 1720
 encr aes
 hash sha
 group 2
 lifetime 86400
!
crypto isakmp key _your_preshared_key_ address 212.58.161.164
!
!
crypto ipsec transform-set 1720 esp-aes esp-sha-hmac
!
crypto map 1720 1720 ipsec-isakmp
 description lifecell-ipsec
 set peer 212.58.161.164
 set security-association lifetime seconds 28800
 set transform-set 1720
 match address 120
!
!
! wildcard mask 0.0.0.3 matches the /30 private network 172.30.255.60/30
access-list 120 permit ip 172.30.255.60 0.0.0.3 host 212.58.162.208
access-list 120 permit ip 172.30.255.60 0.0.0.3 host 212.58.162.209
access-list 120 permit ip 172.30.255.60 0.0.0.3 host 212.58.162.210
!
!
interface GigabitEthernet0/1
 ! your outside interface here: add the next line
 crypto map 1720
!
interface GigabitEthernet0/2
 ! your internal interface here: add the next line
 ip address 172.30.255.61 255.255.255.252
!