Текст LSP для устройства AdminHost

# Global policy settings: the generator's banner string, the LSP format version and
# the CRL handling mode.
# NOTE(review): BEST_EFFORT presumably lets a peer certificate through when no usable
# CRL can be obtained (soft-fail revocation) - confirm against the product documentation
# and choose a stricter mode if a revoked certificate must never authenticate.
GlobalParameters (

    Title = "This LSP was automatically generated by S-Terra Client AdminTool (cp) at 2013.05.27 11:15:04"

    Version = LSP_4_1

    CRLHandlingMode = BEST_EFFORT

)

# Timeouts for LDAP access. The file does not state the units (presumably seconds) or
# what is fetched over LDAP (presumably certificates and CRLs) - confirm.
# NOTE(review): together with CRLHandlingMode = BEST_EFFORT, an unreachable or slow
# LDAP server may mean revocation is silently not checked; monitor LDAP failures.
LDAPSettings (

    ResponseTimeout = 200

    HoldConnectTimeout = 60

    DropConnectTimeout = 5

)

# Local IKE identity: a certificate subject DN that must match in full (COMPLETE).
# Referenced as LocalID by auth_method_01.
IdentityEntry auth_identity_01(

    DistinguishedName *= CertDescription(

           Subject *= COMPLETE,"C=RU,L=Moscow,O=S-Terra CSP,OU=Research,CN=adminhost"

           )

)

# Selector for the local certificate: exact subject DN, exact issuer DN, serial number
# and MD5 fingerprint. Referenced as LocalCredential by auth_method_01.
# NOTE(review): MD5 is not collision resistant, so the fingerprint alone is a weak
# selector; here issuer and serial number are pinned as well. If the product accepts a
# stronger fingerprint type, prefer it - confirm what the schema supports.
CertDescription local_cert_dsc_01(

    Subject *= COMPLETE,"C=RU,L=Moscow,O=S-Terra CSP,OU=Research,CN=adminhost"

    Issuer *= COMPLETE,"C=RU,L=Moscow,O=S-Terra CSP,OU=Research,CN=CA-W2008SP1-X64-CA"

    SerialNumber = "611425D8000000000002"

    FingerprintMD5 = "3EE6136FE1D8A9E0473E6A020B93C510"

)

# Selector for the partner (remote) certificate, left empty: no subject, issuer or
# serial constraint. Referenced as RemoteCredential by auth_method_01.
# NOTE(review): presumably any certificate that validates against a trusted CA is then
# accepted as the peer - confirm. The policy has a single tunnel peer (192.168.100.1),
# so pinning that gateway's Subject and Issuer here would narrow who can authenticate.
CertDescription partner_cert_dsc_01(

)

# IKE authentication method (by its type name, GOST signature with certificates).
# Ties together the local identity, the local certificate selector and the partner
# certificate selector; used by ike_rule as MainModeAuthMethod.
# NOTE(review): RemoteCredential points at partner_cert_dsc_01, which is empty, so the
# peer's certificate is not constrained by this policy.
# SendRequestMode / SendCertMode = AUTO: exact behaviour is not visible here - presumably
# certificate requests and certificates are sent when the exchange needs them; confirm.
AuthMethodGOSTSign auth_method_01(

    LocalID = auth_identity_01

    LocalCredential = local_cert_dsc_01

    RemoteCredential = partner_cert_dsc_01

    SendRequestMode = AUTO

    SendCertMode = AUTO

)

# Global IKE daemon settings: UDP port 500, retransmission count and back-off bounds,
# session time limit and caps on concurrent initiator/responder sessions.
# Units are not stated in the file (presumably seconds for the *Time* keys) - confirm.
# The Blacklog* keys are not explained here; presumably they throttle unanswered or
# half-open IKE sessions (a resource-exhaustion control) - verify before tuning.
IKEParameters (

    DefaultPort = 500

    SendRetries = 5

    RetryTimeBase = 1

    RetryTimeMax = 30

    SessionTimeMax = 60

    InitiatorSessionsMax = 30

    ResponderSessionsMax = 20

    BlacklogSessionsMax = 16

    BlacklogSessionsMin = 0

    BlacklogSilentSessions = 4

    BlacklogRelaxTime = 120

    IKECFGPreferDefaultAddress = FALSE

)

# IKE (phase 1) transform, listed first in ike_rule. SA lifetime 28800 s.
# Algorithm identifiers suggest GOST 28147-89 in CBC mode with a 256-bit key and the
# GOST R 34.11-94 hash (CryptoPro parameter sets); key agreement group VKO_1B is
# presumably the GOST VKO scheme - confirm against the product's algorithm table.
IKETransform ike_trf_02(

    LifetimeSeconds = 28800

    CipherAlg  *= "G2814789CPRO1-K256-CBC-65534"

    HashAlg *= "GR341194CPRO1-65534"

    GroupID *= VKO_1B

)

# IKE (phase 1) transform: same cipher, hash and lifetime as ike_trf_02, but with the
# 1536-bit MODP Diffie-Hellman group.
# NOTE(review): 1536-bit MODP is below the 2048-bit minimum commonly recommended
# today; keep it only if a peer requires it.
IKETransform ike_trf_03(

    LifetimeSeconds = 28800

    CipherAlg  *= "G2814789CPRO1-K256-CBC-65534"

    HashAlg *= "GR341194CPRO1-65534"

    GroupID *= MODP_1536

)

# IKE (phase 1) transform: same cipher, hash and lifetime as ike_trf_02, but with the
# 1024-bit MODP Diffie-Hellman group.
# NOTE(review): 1024-bit MODP is regarded as too weak for new deployments. Because
# ike_rule offers this transform, a peer can negotiate down to it; remove it unless a
# legacy peer depends on it.
IKETransform ike_trf_04(

    LifetimeSeconds = 28800

    CipherAlg  *= "G2814789CPRO1-K256-CBC-65534"

    HashAlg *= "GR341194CPRO1-65534"

    GroupID *= MODP_1024

)

# IKE (phase 1) transform: same cipher, hash and lifetime as ike_trf_02, but with the
# 768-bit MODP Diffie-Hellman group.
# NOTE(review): 768-bit MODP is the weakest group in this policy and is considered
# broken for practical purposes. Because ike_rule offers this transform, the key
# exchange can be negotiated down to it; removing it is the first hardening step.
IKETransform ike_trf_05(

    LifetimeSeconds = 28800

    CipherAlg  *= "G2814789CPRO1-K256-CBC-65534"

    HashAlg *= "GR341194CPRO1-65534"

    GroupID *= MODP_768

)

# ESP transform 01 and the proposal that wraps it. Rekey after 3600 s or 4608000 KB.
# Only CipherAlg is set; the identifier (CNTMAC) suggests a combined counter-mode
# cipher with a built-in MAC, which would explain the missing IntegrityAlg - confirm.
ESPTransform esp_trf_01(

    CipherAlg *= "G2814789CPRO1-K288-CNTMAC-253"

    LifetimeSeconds = 3600

    LifetimeKilobytes = 4608000

)

ESPProposal esp_proposal_01(

    Transform *=esp_trf_01

)

# ESP transform 02 and its proposal: HMAC integrity with CipherAlg "NULL".
# Rekey after 3600 s or 4608000 KB.
# NOTE(review): NULL cipher means integrity protection only - the tunnelled payload is
# not encrypted. ipsec_action_01 offers this proposal, so a peer may select it; drop
# it unless authentication-only ESP is an explicit requirement.
ESPTransform esp_trf_02(

    IntegrityAlg *= "GR341194CPRO1-H96-HMAC-65534"

    CipherAlg *= "NULL"

    LifetimeSeconds = 3600

    LifetimeKilobytes = 4608000

)

ESPProposal esp_proposal_02(

    Transform *=esp_trf_02

)

# ESP transform 03 and its proposal: GOST 28147-89 MAC integrity (per the identifier)
# with CipherAlg "NULL". Rekey after 3600 s or 4608000 KB.
# NOTE(review): NULL cipher means integrity protection only - the tunnelled payload is
# not encrypted. ipsec_action_01 offers this proposal, so a peer may select it; drop
# it unless authentication-only ESP is an explicit requirement.
ESPTransform esp_trf_03(

    IntegrityAlg *= "G2814789CPRO1-K256-MAC-65535"

    CipherAlg *= "NULL"

    LifetimeSeconds = 3600

    LifetimeKilobytes = 4608000

)

ESPProposal esp_proposal_03(

    Transform *=esp_trf_03

)

# ESP transform 04 and its proposal: CBC-mode cipher with no IntegrityAlg.
# Rekey after 3600 s or 4608000 KB.
# NOTE(review): unless this cipher variant carries its own integrity check (not
# visible here - confirm), this is encryption without authentication, which leaves
# CBC ciphertext open to undetected modification. Prefer esp_trf_05..08, which pair a
# cipher with an IntegrityAlg.
ESPTransform esp_trf_04(

    CipherAlg *= "G2814789CPRO1-K256-CBC-254"

    LifetimeSeconds = 3600

    LifetimeKilobytes = 4608000

)

ESPProposal esp_proposal_04(

    Transform *=esp_trf_04

)

# ESP transform 05 and its proposal: CBC-mode cipher plus HMAC integrity (identifiers
# suggest GOST 28147-89 and an HMAC over GOST R 34.11-94 truncated to 96 bits).
# Rekey after 3600 s or 4608000 KB.
ESPTransform esp_trf_05(

    IntegrityAlg *= "GR341194CPRO1-H96-HMAC-65534"

    CipherAlg *= "G2814789CPRO1-K256-CBC-254"

    LifetimeSeconds = 3600

    LifetimeKilobytes = 4608000

)

ESPProposal esp_proposal_05(

    Transform *=esp_trf_05

)

# ESP transform 06 and its proposal: CBC-mode cipher plus a GOST 28147-89 MAC for
# integrity (per the identifiers). Rekey after 3600 s or 4608000 KB.
ESPTransform esp_trf_06(

    IntegrityAlg *= "G2814789CPRO1-K256-MAC-65535"

    CipherAlg *= "G2814789CPRO1-K256-CBC-254"

    LifetimeSeconds = 3600

    LifetimeKilobytes = 4608000

)

ESPProposal esp_proposal_06(

    Transform *=esp_trf_06

)

# ESP transform 07 and its proposal: the CNTMAC cipher of esp_trf_01 combined with a
# separate HMAC integrity algorithm. Rekey after 3600 s or 4608000 KB.
ESPTransform esp_trf_07(

    IntegrityAlg *= "GR341194CPRO1-H96-HMAC-65534"

    CipherAlg *= "G2814789CPRO1-K288-CNTMAC-253"

    LifetimeSeconds = 3600

    LifetimeKilobytes = 4608000

)

ESPProposal esp_proposal_07(

    Transform *=esp_trf_07

)

# ESP transform 08 and its proposal: the CNTMAC cipher of esp_trf_01 combined with a
# separate GOST 28147-89 MAC integrity algorithm. Rekey after 3600 s or 4608000 KB.
ESPTransform esp_trf_08(

    IntegrityAlg *= "G2814789CPRO1-K256-MAC-65535"

    CipherAlg *= "G2814789CPRO1-K288-CNTMAC-253"

    LifetimeSeconds = 3600

    LifetimeKilobytes = 4608000

)

ESPProposal esp_proposal_08(

    Transform *=esp_trf_08

)

# IKE rule: dead peer detection is enabled (DoNotUseDPD = FALSE) with idle/response
# timers and three retries, main mode authenticates with auth_method_01, and four
# phase 1 transforms are offered.
# NOTE(review): the transform list is presumably in preference order, but it still
# includes ike_trf_04 (MODP_1024) and ike_trf_05 (MODP_768). The negotiated strength
# is only as good as the weakest entry a peer is allowed to choose; trim the list.
IKERule ike_rule(

    DoNotUseDPD = FALSE

    DPDIdleDuration = 60

    DPDResponseDuration = 5

    DPDRetries = 3

    MainModeAuthMethod *= auth_method_01

    Transform *= ike_trf_02,ike_trf_03,ike_trf_04,ike_trf_05

)

# IPsec action: tunnel to peer 192.168.100.1, offering ESP proposals 01..08, a list of
# key-exchange groups for phase 2 (presumably PFS) and ike_rule for the IKE exchange.
# Assemble / ReRoute semantics are not visible in this file - see the product docs.
# NOTE(review): the offered set includes esp_proposal_02 and esp_proposal_03 (NULL
# cipher, no confidentiality) and esp_proposal_04 (no IntegrityAlg), and GroupID
# includes MODP_1024 and MODP_768. Restrict both lists to the combinations that give
# encryption plus integrity and to the strongest group the peer supports.
IPsecAction ipsec_action_01(

    TunnelingParameters *=

           TunnelEntry(

                 PeerIPAddress = 192.168.100.1

                 Assemble = TRUE

                 ReRoute = FALSE

           )

    ContainedProposals *= (esp_proposal_01),(esp_proposal_02),(esp_proposal_03),(esp_proposal_04),(esp_proposal_05),(esp_proposal_06),(esp_proposal_07),(esp_proposal_08)

    GroupID *= VKO_1B,MODP_1536,MODP_1024,MODP_768

    IKERule = ike_rule

)

# Inbound packet filter, bound as InputFilter in NetworkInterface. In order: pass UDP
# (protocol 17) to ports 500 and 4500 (IKE and NAT-T), pass ESP (50) and AH (51) from
# 192.168.100.1, then pass everything else.
# NOTE(review): the last Filter has no match conditions and Action = PASS, so (assuming
# first-match evaluation - confirm) the earlier rules change only the LogEventID, not
# what is admitted. This chain is default-allow; if the host should accept only tunnel
# traffic, the final rule needs to deny instead.
FilterChain filter_chain_input(

    Filters *= Filter(

           ProtocolID *= 17

           DestinationPort *= 500

           Action = PASS

           LogEventID = "pass_action_02_01"

    ),Filter(

           ProtocolID *= 17

           DestinationPort *= 4500

           Action = PASS

           LogEventID = "pass_action_02_02"

    ),Filter(

           SourceIP *= 192.168.100.1

           ProtocolID *= 50

           Action = PASS

           LogEventID = "pass_action_03_01"

    ),Filter(

           SourceIP *= 192.168.100.1

           ProtocolID *= 51

           Action = PASS

           LogEventID = "pass_action_03_02"

    ),Filter(

           Action = PASS

           LogEventID = "pass_action_04"

    )

)

# Outbound packet filter, bound as OutputFilter in NetworkInterface. In order: pass UDP
# (protocol 17) from source ports 500 and 4500, pass ESP (50) and AH (51) to
# 192.168.100.1, then pass everything else.
# NOTE(review): the last Filter has no match conditions and Action = PASS, so (assuming
# first-match evaluation - confirm) this chain is default-allow and the earlier rules
# only select a different LogEventID.
FilterChain filter_chain_output(

    Filters *= Filter(

           ProtocolID *= 17

           SourcePort *= 500

           Action = PASS

           LogEventID = "pass_action_05_01"

    ),Filter(

           ProtocolID *= 17

           SourcePort *= 4500

           Action = PASS

           LogEventID = "pass_action_05_02"

    ),Filter(

           DestinationIP *= 192.168.100.1

           ProtocolID *= 50

           Action = PASS

           LogEventID = "pass_action_06_01"

    ),Filter(

           DestinationIP *= 192.168.100.1

           ProtocolID *= 51

           Action = PASS

           LogEventID = "pass_action_06_02"

    ),Filter(

           Action = PASS

           LogEventID = "pass_action_07"

    )

)

# Inbound classification chain, bound as InputClassification in NetworkInterface.
# A single unconditional PASS: no inbound traffic is classified or marked differently.
FilterChain filter_chain_classification_input(

    Filters *= Filter(

           Action = PASS

           LogEventID = "pass_action_08"

    )

)

# Outbound classification chain, bound as OutputClassification in NetworkInterface.
# A single unconditional PASS: no outbound traffic is classified or marked differently.
FilterChain filter_chain_classification_output(

    Filters *= Filter(

           Action = PASS

           LogEventID = "pass_action_09"

    )

)

# IPsec policy chain, bound as IPsecPolicy in NetworkInterface. In order:
#   1-2. UDP from source ports 500 / 4500 passes without an IPsec action, so IKE and
#        NAT-T traffic is not itself sent into the tunnel.
#   3-5. Traffic to 192.168.100.1 port 22 over TCP (6), UDP (17) and SCTP (132) is
#        passed with ExtendedAction ipsec<sa=ipsec_action_01>, i.e. protected by the
#        tunnel defined in ipsec_action_01.
#   6.   Everything else passes with no IPsec action.
# NOTE(review): only port 22 towards the peer is protected. All other traffic,
# including other ports on 192.168.100.1, leaves unprotected through the final
# unconditional PASS. If the intent is "admin traffic must use the tunnel or not flow
# at all", the final rule should not be PASS. What happens to port 22 traffic while no
# SA is established is not visible in this file - confirm it is not sent in clear.
FilterChain filter_chain_ipsec(

    Filters *= Filter(

           ProtocolID *= 17

           SourcePort *= 500

           Action = PASS

           LogEventID = "pass_action_10_01"

    ),Filter(

           ProtocolID *= 17

           SourcePort *= 4500

           Action = PASS

           LogEventID = "pass_action_10_02"

    ),Filter(

           DestinationIP *= 192.168.100.1

           ProtocolID *= 6

           DestinationPort *= 22

           Action = PASS

           ExtendedAction *= ipsec<sa=ipsec_action_01>

           LogEventID = "ipsec_action_01_01"

    ),Filter(

           DestinationIP *= 192.168.100.1

           ProtocolID *= 17

           DestinationPort *= 22

           Action = PASS

           ExtendedAction *= ipsec<sa=ipsec_action_01>

           LogEventID = "ipsec_action_01_02"

    ),Filter(

           DestinationIP *= 192.168.100.1

           ProtocolID *= 132

           DestinationPort *= 22

           Action = PASS

           ExtendedAction *= ipsec<sa=ipsec_action_01>

           LogEventID = "ipsec_action_01_03"

    ),Filter(

           Action = PASS

           LogEventID = "pass_action_11"

    )

)

# Binds the five filter chains to a network interface: packet filters for input and
# output, classification chains for input and output, and the IPsec policy chain.
# No interface name is given, so the binding presumably applies to every interface
# that has no more specific entry - confirm against the product documentation.
NetworkInterface(

    InputFilter = filter_chain_input

    OutputFilter = filter_chain_output

    InputClassification = filter_chain_classification_input

    OutputClassification = filter_chain_classification_output

    IPsecPolicy = filter_chain_ipsec

)