!
version 12.4
! NOTE(review): with password encryption disabled, the "password 0" and
! "enable password" values below are kept in cleartext in this file, so
! anyone who can read the configuration or a backup of it gets admin access.
no service password-encryption
!
! Copy the DF bit from the inner IP header to the outer IPsec header.
crypto ipsec df-bit copy
! Use the certificate distinguished name (DN) as the local ISAKMP identity.
crypto isakmp identity dn
! NOTE(review): privilege-15 account with a cleartext (type 0), three-character
! password that is identical to the enable password below. This looks like a
! sample/default credential: replace both before any real deployment, use
! distinct values, and store them hashed if the platform supports it (confirm).
username cscons privilege 15 password 0 csp
! Enables AAA; no authentication method lists are defined in the lines shown.
aaa new-model
!
!
hostname GW1
enable password csp
!
!
!
! Syslog trap level "debugging" is the most verbose severity. No logging host
! is configured in the lines shown.
logging trap debugging
!
! Named identity list holding the certificate DN a peer must present.
! It is referenced by "set identity my_admin" in dynamic map DMAP, which is
! what limits the tunnel to the holder of the CN=adminhost certificate.
crypto identity my_admin
dn C=RU,L=Moscow,O=S-Terra CSP,OU=Research,CN=adminhost
!
! IKE (ISAKMP) policy 1: GOST encryption and hash, signature-based
! authentication (gost-sig) and key-agreement group "vko".
! Peers authenticate with certificates; no pre-shared key appears in this file.
crypto isakmp policy 1
encr gost
hash gost
authentication gost-sig
group vko
!
! IPsec transform set TSET with the single transform esp-gost4mimit.
! NOTE(review): presumably ESP with GOST encryption plus an integrity check
! ("imit") - confirm the exact algorithm against the product documentation.
crypto ipsec transform-set TSET esp-gost4mimit
!
! LIST selects the traffic protected by IPsec ("match address LIST" in DMAP):
! TCP sourced from 192.168.100.1 port 22 to any destination, i.e. the replies
! of the gateway's own SSH service on the GigabitEthernet0/1 address.
ip access-list extended LIST
permit tcp host 192.168.100.1 eq 22 any
!
! LIST2 is the outbound packet filter on GigabitEthernet0/1. It allows only
! SSH replies (source port 22), NAT-T (UDP 4500, non500-isakmp) and IKE
! (UDP 500) sourced from 192.168.100.1, and explicitly denies everything else.
! NOTE(review): the final deny also matches traffic from 192.168.1.0/24 that
! would leave through this interface, and ESP is not listed. Presumably the
! filter is evaluated before IPsec encapsulation - confirm the platform's
! order of operations so that SSH replies can never leave unencrypted.
ip access-list extended LIST2
permit tcp host 192.168.100.1 eq 22 any
permit udp host 192.168.100.1 eq non500-isakmp any
permit udp host 192.168.100.1 eq isakmp any
deny ip any any
!
!
! Dynamic map entry: no peer address is set, so the remote end is not fixed
! in advance. The controls on who may build the tunnel are therefore
! "set identity my_admin" (peer certificate DN must match) and the
! certificate-based IKE authentication, not a source-address restriction.
! Traffic matching LIST is protected with transform set TSET, and
! "set pfs vko" requests a fresh key agreement for each IPsec SA.
crypto dynamic-map DMAP 1
match address LIST
set transform-set TSET
set pfs vko
set identity my_admin
!
! Static crypto map CMAP, sequence 1, delegates to dynamic map DMAP.
! CMAP is attached to GigabitEthernet0/1.
crypto map CMAP 1 ipsec-isakmp dynamic DMAP
!
! 192.168.1.0/24 side. No crypto map or access-group is applied here.
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
!
! 192.168.100.0/24 side: the interface that terminates IPsec (crypto map CMAP)
! and carries the outbound filter LIST2.
! NOTE(review): only an outbound access-group is configured; no inbound
! filter is shown for this interface - confirm that is intended.
interface GigabitEthernet0/1
ip address 192.168.100.1 255.255.255.0
ip access-group LIST2 out
crypto map CMAP
!
! Unused ports are left without an address and administratively shut down.
interface GigabitEthernet0/2
no ip address
shutdown
!
interface GigabitEthernet0/3
no ip address
shutdown
!
!
! Default route via 192.168.100.2, reached through GigabitEthernet0/1.
ip route 0.0.0.0 0.0.0.0 192.168.100.2
!
! Trustpoint used to validate peer certificates during IKE authentication.
! NOTE(review): "revocation-check none" turns off revocation checking, so a
! revoked or compromised adminhost certificate would still be accepted for
! the tunnel that carries privileged SSH access. Enable CRL checking
! (e.g. "revocation-check crl", if supported - confirm) for real deployments.
! NOTE(review): the trustpoint name suggests a vendor technological/test CA;
! confirm it is replaced by a production CA outside a lab.
! The certificate below is identified by serial
! 4E4B0B11EFDB389E4E86244CDAA1B275; its hex body is abbreviated on this page
! (the "…" line), so it cannot be loaded as shown.
crypto pki trustpoint s-terra_technological_trustpoint
revocation-check none
crypto pki certificate chain s-terra_technological_trustpoint
certificate 4E4B0B11EFDB389E4E86244CDAA1B275
30820216308201C5A00302010202104E4B0B11EFDB389E4E86244CDAA1B27530
…
E9D07F4DC61F04CDBC87579FC44CE66D524CF742F2784805733F
quit
!
end