Текст cisco-like конфигурации для устройства GW1

!

! Global settings for gateway GW1: configuration syntax version, local
! accounts, AAA, hostname and syslog level.
version 12.4

! Password obfuscation is switched off, so the secrets on the "username" and
! "enable password" lines below stay in the configuration as clear text.
! Anyone who can read this file, a backup of it or a pasted copy learns both.
no service password-encryption

!

! Copy the DF bit of the inner packet into the outer IPsec header.
crypto ipsec df-bit copy

! The gateway presents its certificate distinguished name as its IKE identity.
crypto isakmp identity dn

! Privilege-15 (full administrative) local account; "password 0" marks the
! value that follows as unencrypted.
! NOTE(review): cscons/csp looks like the vendor's documented sample
! credential - confirm, and replace it before the device is reachable.
username cscons privilege 15 password 0 csp

! Enable the AAA access-control model. No authentication method lists are
! defined in this listing.
aaa new-model

!

!

hostname GW1

! Privileged-mode password, also clear text, and the same string as the
! cscons account password above: one disclosed secret opens both levels.
enable password csp

!

!

!

! Syslog severity threshold set to "debugging", the most verbose level.
! No logging host is defined in this listing, so where the messages are
! sent cannot be told from here.
logging trap debugging

!

! Named identity holding the distinguished name expected in the remote
! administrator's certificate. It is referenced by "set identity my_admin"
! in dynamic map DMAP, so a tunnel is offered only to a peer whose
! certificate carries this DN.
crypto identity my_admin

 dn C=RU,L=Moscow,O=S-Terra CSP,OU=Research,CN=adminhost

!

! IKE phase 1 policy, priority 1: GOST cipher and hash, peer authentication
! by GOST digital signature (certificates, not a pre-shared key), and the
! "vko" key-agreement group. The gost/gost-sig/vko keywords are vendor
! extensions to the cisco-like syntax; which GOST standard revisions they
! select is not stated in this listing.
crypto isakmp policy 1

 encr gost

 hash gost

 authentication gost-sig

 group vko

!

! IPsec (phase 2) transform set TSET with a single ESP transform.
! NOTE(review): esp-gost4mimit presumably provides both GOST encryption and
! an integrity check ("imit") - confirm against the product documentation,
! since no separate authentication transform is listed.
crypto ipsec transform-set TSET esp-gost4mimit

!

! LIST is the crypto ACL ("match address LIST" in dynamic map DMAP). It
! selects TCP segments sent from the gateway's own address 192.168.100.1
! with source port 22, i.e. the gateway's SSH server replies, to any
! destination. That is the traffic IPsec protects.
! NOTE(review): the destination is "any"; if administrators connect from a
! known address range, narrowing it here reduces exposure - confirm intent.
ip access-list extended LIST

 permit tcp host 192.168.100.1 eq 22 any

!

! LIST2 is the packet filter applied outbound on GigabitEthernet0/1
! ("ip access-group LIST2 out"). From 192.168.100.1 it allows only SSH
! replies (source port 22), NAT-T IKE (non500-isakmp, UDP 4500) and IKE
! (isakmp, UDP 500); the explicit final deny drops everything else leaving
! that interface.
! NOTE(review): only an outbound filter is visible; how unprotected inbound
! SSH on that interface is handled cannot be told from this listing.
ip access-list extended LIST2

 permit tcp host 192.168.100.1 eq 22 any

 permit udp host 192.168.100.1 eq non500-isakmp any

 permit udp host 192.168.100.1 eq isakmp any

 deny   ip any any

!

!

! Dynamic crypto map entry: no "set peer" is given, so the remote address is
! not fixed in advance. The entry protects traffic matched by LIST with
! transform set TSET, requires PFS using the vko group, and accepts only a
! peer matching identity my_admin (the certificate DN defined earlier).
! With the peer address open, that DN match and certificate validation are
! the only admission controls visible here.
crypto dynamic-map DMAP 1

 match address LIST

 set transform-set TSET

 set pfs vko

 set identity my_admin

!

! Static crypto map CMAP, sequence 1, delegates to dynamic map DMAP.
! CMAP is what gets attached to the interface.
crypto map CMAP 1 ipsec-isakmp dynamic DMAP

!

! GigabitEthernet0/0: 192.168.1.1/24. No crypto map and no access-group are
! attached to it in this listing.
interface GigabitEthernet0/0

 ip address 192.168.1.1 255.255.255.0

!

! GigabitEthernet0/1: 192.168.100.1/24, the address used in LIST and LIST2.
! LIST2 filters packets leaving this interface and crypto map CMAP applies
! IPsec to it. No inbound access-group is configured here.
interface GigabitEthernet0/1

 ip address 192.168.100.1 255.255.255.0

 ip access-group LIST2 out

 crypto map CMAP

!

! Unused ports are left unaddressed and administratively shut down.
interface GigabitEthernet0/2

 no ip address

 shutdown

!

interface GigabitEthernet0/3

 no ip address

 shutdown

!

!

! Default route via 192.168.100.2, which lies in the GigabitEthernet0/1 subnet.
ip route 0.0.0.0 0.0.0.0 192.168.100.2

!

! Trustpoint used to validate peer certificates during IKE.
! "revocation-check none" disables CRL checking: a certificate that its CA
! has revoked (for example after an administrator key is lost) is still
! accepted until it expires. Peer authentication here rests on certificates
! alone, so a deployed gateway would normally use "revocation-check crl".
! NOTE(review): the trustpoint name suggests a technological (test) CA -
! confirm that a production CA certificate replaces it.
crypto pki trustpoint s-terra_technological_trustpoint

 revocation-check none

! Certificate stored under the trustpoint, identified by its serial number.
! The hex body in this listing is abbreviated: its DER header (3082 0216)
! declares 0x0216 content bytes, far more than the two lines shown, so it
! cannot be loaded as printed.
crypto pki certificate chain s-terra_technological_trustpoint

certificate 4E4B0B11EFDB389E4E86244CDAA1B275

30820216308201C5A00302010202104E4B0B11EFDB389E4E86244CDAA1B27530

E9D07F4DC61F04CDBC87579FC44CE66D524CF742F2784805733F

 

quit

!

end