Текст LSP для устройства GW1

#   This is automatically generated LSP

#

#   Conversion Date/Time:   Mon May 27 11:07:09 2013

 

# GlobalParameters: policy-wide settings. Title is the descriptive string
# written by the converter; Version names the LSP format level (LSP_4_1).
# NOTE(review): CRLHandlingMode = OPTIONAL presumably allows a peer certificate
# to be accepted when no usable CRL is available, in which case a revoked
# certificate could still authenticate -- confirm the exact semantics in the
# product documentation and decide whether a stricter mode is required.
# NOTE(review): PreserveIPsecSA = FALSE presumably means existing IPsec SAs are
# not kept across a policy reload -- confirm.
GlobalParameters(

    Title                       = "This LSP was automatically generated by CSP Converter at Mon May 27 11:07:09 2013"

    Version                     = LSP_4_1

    CRLHandlingMode             = OPTIONAL

    PreserveIPsecSA             = FALSE

)

 

# IKEParameters: global IKE settings; only FragmentSize is set here.
# NOTE(review): a value of 0 presumably disables fragmentation of IKE
# messages -- confirm, since large certificate payloads may then depend on
# IP-level fragmentation being allowed on the path.
IKEParameters(

    FragmentSize = 0

)

 

# RoutingTable: a single default route. Every destination (0.0.0.0/0) is
# forwarded to the next hop 192.168.100.2.
RoutingTable(

    Routes =

        Route(

            Destination = 0.0.0.0/0

            Gateway = 192.168.100.2

        )

)

 

# FirewallParameters: TCP connection-tracking timeouts and thresholds.
# The *Timeout keys set how long a tracked TCP session may stay in the named
# state (units are presumably seconds -- TODO confirm).
# TCPHalfOpenLow/Max and TCPSessionRateLow/Max look like low/high watermarks
# limiting half-open connections and new-session rate (a SYN-flood style
# protection) -- presumably; verify the exact behaviour at each threshold.
FirewallParameters(

    TCPSynSentTimeout = 30

    TCPFinTimeout = 5

    TCPClosedTimeout = 30

    TCPSynRcvdTimeout = 30

    TCPEstablishedTimeout = 3600

    TCPHalfOpenLow = 400

    TCPHalfOpenMax = 500

    TCPSessionRateLow = 400

    TCPSessionRateMax = 500

)

 

# IKETransform crypto:isakmp:policy:1: the phase-1 (ISAKMP) protection suite,
# referenced by IKERule:CMAP:1:DMAP:1 through its Transform key.
# CipherAlg / HashAlg: the identifiers appear to name GOST 28147-89 in CBC
# mode with a 256-bit key and the GOST R 34.11-94 hash (CryptoPro parameter
# sets) -- presumably; confirm against the product's algorithm table.
# NOTE(review): both algorithms have since been superseded by newer GOST
# standards; check that this suite is still permitted by the applicable policy.
# GroupID = VKO_1B selects the key-agreement group; RestrictAuthenticationTo
# limits this transform to GOST signature authentication.
# LifetimeSeconds = 86400 gives the IKE SA a 24-hour lifetime.
IKETransform crypto:isakmp:policy:1

(

    CipherAlg   = "G2814789CPRO1-K256-CBC-65534"

    HashAlg     = "GR341194CPRO1-65534"

    GroupID     = VKO_1B

    RestrictAuthenticationTo = GOST_SIGN

    LifetimeSeconds = 86400

)

 

# ESPProposal TSET:ESP: the phase-2 (ESP) proposal, listed in
# ContainedProposals of IPsecAction:CMAP:1:DMAP:1.
# It holds one ESPTransform. The CipherAlg identifier appears to name
# GOST 28147-89 in a combined counter-plus-MAC mode, which would explain why
# no separate integrity algorithm is listed -- presumably; confirm that this
# transform provides integrity as well as confidentiality.
# The IPsec SA is limited by both time (3600 seconds) and volume
# (4608000 kilobytes).
ESPProposal TSET:ESP

(

    Transform* = ESPTransform

    (

        CipherAlg*          = "G2814789CPRO1-K288-CNTMAC-253"

        LifetimeSeconds     = 3600

        LifetimeKilobytes   = 4608000

    )

)

 

# FilterChain:LIST2: packet filter attached as OutputFilter to
# GigabitEthernet0/1 (see the NetworkInterface structure).
# Rules, in file order:
#   1. PASS TCP (protocol 6) from 192.168.100.1, source port 22 (SSH replies).
#   2. PASS UDP (protocol 17) from 192.168.100.1, source port 4500 (NAT-T).
#   3. PASS UDP (protocol 17) from 192.168.100.1, source port 500 (IKE).
#   4. DROP everything else, logged under event id "LIST2".
#   5. DROP everything else, not logged.
# NOTE(review): rules 1-3 match on source address and source port only; no
# destination is restricted, so these flows are allowed towards any peer.
# Confirm that is intended, or narrow the rules in the source configuration
# the converter reads.
# NOTE(review): assuming first-match evaluation, rule 5 can never match
# because rule 4 has no selectors; it looks like the converter's implicit
# final deny -- confirm.
FilterChain FilterChain:LIST2 (

    Filters = Filter (

        SourceIP = 192.168.100.1

        ProtocolID = 6

        SourcePort = 22

        Action = PASS

        LogEventID = "LIST2"

    ),

    Filter (

        SourceIP = 192.168.100.1

        ProtocolID = 17

        SourcePort = 4500

        Action = PASS

        LogEventID = "LIST2"

    ),

    Filter (

        SourceIP = 192.168.100.1

        ProtocolID = 17

        SourcePort = 500

        Action = PASS

        LogEventID = "LIST2"

    ),

    Filter (

        Action = DROP

        LogEventID = "LIST2"

    ),

    Filter (

        Action = DROP

    )

)

 

# IdentityEntry my_admin: the expected identity of the remote peer, used as
# RemoteID by the GOST:Sign authentication method.
# The peer is identified by a certificate subject template
# (C=RU, L=Moscow, O=S-Terra CSP, OU=Research, CN=adminhost).
# NOTE(review): this file only states which subject is expected; which CA
# certificates are trusted to issue it is configured elsewhere. A subject
# match is only as strong as that trust store -- verify it separately.
IdentityEntry my_admin(

    DistinguishedName* = CertDescription(

        Subject = TEMPLATE, "C=RU,L=Moscow,O=S-Terra CSP,OU=Research,CN=adminhost"

    )

)

 

# AuthMethodGOSTSign GOST:Sign: certificate (GOST signature) authentication
# for IKE, referenced by IKERule:CMAP:1:DMAP:1 for both exchange modes.
# LocalID uses USER_SPECIFIC_DATA, so the local identity is not fixed in this
# file (presumably taken from the local certificate -- confirm).
# RemoteID = my_admin requires the peer to match the IdentityEntry my_admin.
# SendRequestMode / SendCertMode = ALWAYS: presumably a certificate request
# and the local certificate are sent in every exchange -- confirm.
AuthMethodGOSTSign GOST:Sign

(

    LocalID        =  IdentityEntry( DistinguishedName* = USER_SPECIFIC_DATA )

    RemoteID       =  my_admin

    SendRequestMode    =  ALWAYS

    SendCertMode       =  ALWAYS

)

 

# IKERule IKERule:CMAP:1:DMAP:1: binds the phase-1 transform
# crypto:isakmp:policy:1 to the GOST:Sign authentication method. It is
# referenced by IPsecAction:CMAP:1:DMAP:1.
# NOTE(review): AggrModeAuthMethod is set alongside MainModeAuthMethod, which
# presumably permits aggressive-mode exchanges. Aggressive mode does not
# protect the peers' identities, so confirm it is actually needed.
# NOTE(review): DoNotUseDPD = TRUE turns dead peer detection off; a peer that
# disappears is then presumably noticed only when the SA lifetime expires --
# confirm this is acceptable for availability and for monitoring.
IKERule IKERule:CMAP:1:DMAP:1

(

    Transform = crypto:isakmp:policy:1

    AggrModeAuthMethod  = GOST:Sign

    MainModeAuthMethod  = GOST:Sign

    DoNotUseDPD         = TRUE

    Priority            = 100

)

 

# IPsecAction IPsecAction:CMAP:1:DMAP:1: what to do with traffic selected by
# the IPsec policy filter that names this action in its ExtendedAction.
# TunnelingParameters: DFHandling=COPY presumably copies the inner packet's
# Don't Fragment bit to the outer header, and Assemble=TRUE presumably
# reassembles fragments before processing -- confirm both.
# NOTE(review): no tunnel peer address is given in this TunnelEntry; how the
# remote endpoint is chosen is not visible here -- verify against the
# documentation.
# ContainedProposals offers the single ESP proposal TSET:ESP.
# GroupID = VKO_1B is presumably the key-agreement group used for phase-2
# (PFS) -- confirm.
# IKERule names the phase-1 rule used to negotiate the SAs.
IPsecAction IPsecAction:CMAP:1:DMAP:1

(

    TunnelingParameters = TunnelEntry(

        DFHandling=COPY

        Assemble=TRUE

    )

    ContainedProposals = ( TSET:ESP )

    GroupID = VKO_1B

    IKERule = IKERule:CMAP:1:DMAP:1

)

 

# FilterChain IPsecPolicy:CMAP: IPsec policy attached to GigabitEthernet0/1
# through the IPsecPolicy key of the NetworkInterface structure.
# Rule 1 passes UDP with source port 500 or 4500 for the packet types
# LOCAL_UNICAST and LOCAL_MISDIRECTED without an IPsec action, so the
# gateway's own IKE / NAT-T traffic is not itself sent into a tunnel.
# Rule 2 selects TCP from 192.168.100.1 with source port 22 and hands it to
# IPsecAction:CMAP:1:DMAP:1 for protection; matches are logged under the
# LogEventID shown.
# NOTE(review): rule 2 has no destination selector, so SSH replies to any
# peer match it. How traffic that matches neither rule is treated is not
# visible in this chain -- confirm the default behaviour.
FilterChain IPsecPolicy:CMAP (

    Filters = Filter (

        ProtocolID = 17

        SourcePort = 500, 4500

        Action = PASS

        PacketType = LOCAL_UNICAST, LOCAL_MISDIRECTED

    ),

    Filter (

        SourceIP = 192.168.100.1

        ProtocolID = 6

        SourcePort = 22

        Action = PASS

        ExtendedAction = ipsec< sa = IPsecAction:CMAP:1:DMAP:1 >

        LogEventID = "IPsec:Protect:CMAP:1:DMAP:1:LIST"

    )

)

 

# NetworkInterface: binds the policy to the interface GigabitEthernet0/1.
# OutputFilter applies FilterChain:LIST2 to outgoing packets and IPsecPolicy
# applies the IPsecPolicy:CMAP chain.
# NOTE(review): no InputFilter is set and no other interface appears in this
# file, so inbound filtering and the handling of other interfaces are not
# defined here -- confirm what default applies to them.
# NOTE(review): the order in which OutputFilter and IPsecPolicy are evaluated
# is not visible here; verify that packets passed by LIST2 are the ones that
# then reach the IPsec rules.
NetworkInterface (

    LogicalName = "GigabitEthernet0/1"

    OutputFilter = FilterChain:LIST2

    IPsecPolicy = IPsecPolicy:CMAP

)