# This is automatically generated LSP
#
# Conversion Date/Time: Mon May 27 11:07:09 2013
# Policy-wide settings: a descriptive title, the LSP format version, the CRL
# handling mode and whether IPsec SAs are preserved.
# NOTE(review): CRLHandlingMode = OPTIONAL presumably lets a peer certificate be
# accepted when no usable CRL is available, so a revoked certificate could still
# authenticate. Confirm against the product documentation; a stricter mode is
# preferable where a CRL distribution point is reachable from this host.
# NOTE(review): PreserveIPsecSA = FALSE presumably means existing SAs are not
# kept across a policy reload. Confirm.
GlobalParameters(
Title = "This LSP was automatically generated by CSP Converter at Mon May 27 11:07:09 2013"
Version = LSP_4_1
CRLHandlingMode = OPTIONAL
PreserveIPsecSA = FALSE
)
# Global IKE settings; only the fragment size is set here.
# NOTE(review): FragmentSize = 0 presumably disables IKE-level fragmentation.
# Confirm, since this policy always sends certificates (SendCertMode = ALWAYS)
# and certificate-bearing IKE packets can be large.
IKEParameters(
FragmentSize = 0
)
# Static routing: a single default route (0.0.0.0/0) via gateway 192.168.100.2.
RoutingTable(
Routes =
Route(
Destination = 0.0.0.0/0
Gateway = 192.168.100.2
)
)
# Stateful-firewall tuning: per-state TCP timeouts plus low/max thresholds for
# half-open connections and for session rate.
# NOTE(review): timeouts are presumably in seconds, and the Low/Max pairs are
# presumably watermarks for half-open (SYN flood) and session-rate limiting.
# Confirm the units and what happens at each threshold before tuning.
FirewallParameters(
TCPSynSentTimeout = 30
TCPFinTimeout = 5
TCPClosedTimeout = 30
TCPSynRcvdTimeout = 30
TCPEstablishedTimeout = 3600
TCPHalfOpenLow = 400
TCPHalfOpenMax = 500
TCPSessionRateLow = 400
TCPSessionRateMax = 500
)
# IKE transform referenced by IKERule:CMAP:1:DMAP:1 (its Transform key).
# It sets the cipher, hash and key-agreement group, restricts authentication to
# GOST_SIGN, and gives the IKE SA a lifetime of 86400 seconds (24 hours).
# NOTE(review): the algorithm identifiers appear to name GOST 28147-89 in CBC
# mode and the GOST R 34.11-94 hash. The 34.11-94 hash has been superseded by
# GOST R 34.11-2012; check whether the installed product version offers newer
# suites before reusing this policy.
IKETransform crypto:isakmp:policy:1
(
CipherAlg = "G2814789CPRO1-K256-CBC-65534"
HashAlg = "GR341194CPRO1-65534"
GroupID = VKO_1B
RestrictAuthenticationTo = GOST_SIGN
LifetimeSeconds = 86400
)
# ESP proposal referenced by IPsecAction:CMAP:1:DMAP:1 (ContainedProposals).
# It offers one ESP transform. The SA is rekeyed after 3600 seconds or
# 4608000 kilobytes, per the two Lifetime keys.
# NOTE(review): no separate integrity algorithm is listed. The "CNTMAC" part of
# the cipher identifier suggests a combined encryption+MAC transform; confirm
# that ESP packets are integrity-protected with this setting.
ESPProposal TSET:ESP
(
Transform* = ESPTransform
(
CipherAlg* = "G2814789CPRO1-K288-CNTMAC-253"
LifetimeSeconds = 3600
LifetimeKilobytes = 4608000
)
)
# Packet filter chain, attached as OutputFilter on GigabitEthernet0/1.
# Filters, in order:
#   1. PASS protocol 6 (TCP), source 192.168.100.1, source port 22
#   2. PASS protocol 17 (UDP), source 192.168.100.1, source port 4500
#   3. PASS protocol 17 (UDP), source 192.168.100.1, source port 500
#   4. DROP with no selectors, logged under event ID "LIST2"
#   5. DROP with no selectors, not logged
# The PASS filters carry no destination selector, so they apply to any
# destination address.
# NOTE(review): assuming first-match evaluation, filter 4 already matches every
# remaining packet, so filter 5 is never reached. It looks like a converter
# artifact. Confirm before relying on either DROP as the default.
FilterChain FilterChain:LIST2 (
Filters = Filter (
SourceIP = 192.168.100.1
ProtocolID = 6
SourcePort = 22
Action = PASS
LogEventID = "LIST2"
),
Filter (
SourceIP = 192.168.100.1
ProtocolID = 17
SourcePort = 4500
Action = PASS
LogEventID = "LIST2"
),
Filter (
SourceIP = 192.168.100.1
ProtocolID = 17
SourcePort = 500
Action = PASS
LogEventID = "LIST2"
),
Filter (
Action = DROP
LogEventID = "LIST2"
),
Filter (
Action = DROP
)
)
# Identity of the remote peer, used as RemoteID by auth method GOST:Sign.
# It is expressed as a certificate subject (distinguished name) template.
# NOTE(review): how TEMPLATE matches is not visible here; it may require the
# exact DN or only the listed RDNs. Confirm, because this is the only
# restriction on which certificates are accepted as the admin peer.
IdentityEntry my_admin(
DistinguishedName* = CertDescription(
Subject = TEMPLATE, "C=RU,L=Moscow,O=S-Terra CSP,OU=Research,CN=adminhost"
)
)
# GOST signature authentication method, used by IKERule:CMAP:1:DMAP:1 for both
# main and aggressive mode. The remote peer must match identity my_admin.
# The certificate request and the local certificate are always sent
# (SendRequestMode and SendCertMode are both ALWAYS).
# NOTE(review): USER_SPECIFIC_DATA presumably takes the local identity from the
# installed local certificate. Confirm.
AuthMethodGOSTSign GOST:Sign
(
LocalID = IdentityEntry( DistinguishedName* = USER_SPECIFIC_DATA )
RemoteID = my_admin
SendRequestMode = ALWAYS
SendCertMode = ALWAYS
)
# IKE rule: binds IKE transform crypto:isakmp:policy:1 to auth method GOST:Sign
# for both aggressive and main mode, with priority 100.
# NOTE(review): DoNotUseDPD = TRUE turns Dead Peer Detection off. Presumably a
# vanished peer is then noticed only when the SA lifetime expires. Confirm that
# this is acceptable for a management tunnel.
# NOTE(review): setting AggrModeAuthMethod suggests aggressive-mode exchanges
# are accepted. If only main mode is intended, check whether this key can be
# omitted.
IKERule IKERule:CMAP:1:DMAP:1
(
Transform = crypto:isakmp:policy:1
AggrModeAuthMethod = GOST:Sign
MainModeAuthMethod = GOST:Sign
DoNotUseDPD = TRUE
Priority = 100
)
# IPsec action applied by the second filter of IPsecPolicy:CMAP.
# It uses tunnel mode parameters (DF bit copied, Assemble = TRUE), offers the
# TSET:ESP proposal and negotiates keys through IKERule:CMAP:1:DMAP:1.
# NOTE(review): GroupID = VKO_1B at this level presumably enables a fresh key
# agreement per IPsec SA (PFS). Confirm.
IPsecAction IPsecAction:CMAP:1:DMAP:1
(
TunnelingParameters = TunnelEntry(
DFHandling=COPY
Assemble=TRUE
)
ContainedProposals = ( TSET:ESP )
GroupID = VKO_1B
IKERule = IKERule:CMAP:1:DMAP:1
)
# IPsec policy chain, attached as IPsecPolicy on GigabitEthernet0/1.
# Filters, in order:
#   1. PASS protocol 17 (UDP), source port 500 or 4500, for packet types
#      LOCAL_UNICAST and LOCAL_MISDIRECTED, with no ExtendedAction, so these
#      packets are not IPsec-protected (presumably the IKE / NAT-T exchange
#      itself).
#   2. PASS protocol 6 (TCP), source 192.168.100.1, source port 22, protected
#      by IPsecAction:CMAP:1:DMAP:1 and logged under the given event ID.
# Filter 2 has no destination selector, so it covers traffic to any destination.
# NOTE(review): this chain has no catch-all filter. What happens to packets that
# match neither filter is not visible in this file. Confirm the default.
FilterChain IPsecPolicy:CMAP (
Filters = Filter (
ProtocolID = 17
SourcePort = 500, 4500
Action = PASS
PacketType = LOCAL_UNICAST, LOCAL_MISDIRECTED
),
Filter (
SourceIP = 192.168.100.1
ProtocolID = 6
SourcePort = 22
Action = PASS
ExtendedAction = ipsec< sa = IPsecAction:CMAP:1:DMAP:1 >
LogEventID = "IPsec:Protect:CMAP:1:DMAP:1:LIST"
)
)
# Interface binding: on GigabitEthernet0/1, FilterChain:LIST2 is the output
# packet filter and IPsecPolicy:CMAP is the IPsec policy.
# NOTE(review): no input filter is set for this interface in this file. Confirm
# how inbound traffic is handled.
NetworkInterface (
LogicalName = "GigabitEthernet0/1"
OutputFilter = FilterChain:LIST2
IPsecPolicy = IPsecPolicy:CMAP
)