# Global settings of this Local Security Policy (LSP). The Title records that the
# file was generated by the S-Terra Client AdminTool; Version names the LSP syntax.
# NOTE(review): CRLHandlingMode = BEST_EFFORT presumably lets a certificate pass when
# no valid CRL can be obtained, so a revoked peer certificate may still be accepted
# while the CRL source is unreachable. Confirm the exact semantics and whether a
# stricter mode is required for this deployment.
GlobalParameters (
Title = "This LSP was automatically generated by S-Terra Client AdminTool (cp) at 2014.06.20 14:32:18"
Version = LSP_4_1
CRLHandlingMode = BEST_EFFORT
)
# Timeouts for LDAP lookups.
# NOTE(review): units are presumably seconds, and LDAP is presumably used to fetch
# certificates/CRLs. Neither is stated in this file; confirm against product docs.
LDAPSettings (
ResponseTimeout = 200
HoldConnectTimeout = 60
DropConnectTimeout = 5
)
# Local identity used as LocalID by auth_method_01: a distinguished name that must
# match the given subject completely. The subject string is the same one used in
# local_cert_dsc_01.
IdentityEntry auth_identity_01(
DistinguishedName *= CertDescription(
Subject *= COMPLETE,"C=RU,L=Moscow,O=S-Terra CSP,OU=Research,CN=Client1"
)
)
# Selectors for the local (client) certificate: full subject, full issuer, serial
# number and MD5 fingerprint. Referenced as LocalCredential by auth_method_01.
# NOTE(review): MD5 is not collision-resistant. Here it is one selector among several
# for the local certificate; it should not be the only attribute relied on to
# identify a certificate.
CertDescription local_cert_dsc_01(
Subject *= COMPLETE,"C=RU,L=Moscow,O=S-Terra CSP,OU=Research,CN=Client1"
Issuer *= COMPLETE,"C=RU,L=Moscow,O=S-Terra CSP,OU=Research,CN=CA-W2008SP1-X64-CA"
SerialNumber = "6118B135000000000002"
FingerprintMD5 = "5063E6A36023E8D35258E054A09CA586"
)
# Description of the partner (gateway) certificate, referenced as RemoteCredential by
# auth_method_01. It is empty: no Subject, Issuer or serial constraint is set.
# NOTE(review): presumably any peer certificate that validates against a trusted CA
# is then accepted. Consider constraining Subject and/or Issuer to the expected
# gateway so that another certificate from the same CA cannot stand in for it.
# Confirm how an empty description is interpreted.
CertDescription partner_cert_dsc_01(
)
# IKE authentication by GOST signature (certificate based). Binds the local identity
# and local certificate selectors to the (unconstrained) partner certificate
# description. Used by ike_rule_with_ikecfg as MainModeAuthMethod.
# NOTE(review): SendRequestMode / SendCertMode = AUTO presumably leave the decision
# to send certificate requests and certificates to the product. Confirm.
AuthMethodGOSTSign auth_method_01(
LocalID = auth_identity_01
LocalCredential = local_cert_dsc_01
RemoteCredential = partner_cert_dsc_01
SendRequestMode = AUTO
SendCertMode = AUTO
)
# Global IKE engine settings: UDP port 500, retransmission count and back-off,
# session duration and limits on concurrent initiator/responder sessions.
# NOTE(review): time values are presumably seconds. The Blacklog* keys are not
# explained by this file; they presumably throttle sessions with unresponsive or
# misbehaving partners. Confirm against product docs before tuning.
IKEParameters (
DefaultPort = 500
SendRetries = 5
RetryTimeBase = 1
RetryTimeMax = 30
SessionTimeMax = 60
InitiatorSessionsMax = 30
ResponderSessionsMax = 20
BlacklogSessionsMax = 16
BlacklogSessionsMin = 0
BlacklogSilentSessions = 4
BlacklogRelaxTime = 120
IKECFGPreferDefaultAddress = FALSE
)
# IKE (phase 1) transform, listed first in ike_rule_with_ikecfg. SA lifetime is
# 28800 (presumably seconds, i.e. 8 hours). The algorithm names suggest GOST 28147-89
# with a 256-bit key in CBC mode and the GOST R 34.11-94 hash; key agreement uses
# the VKO_1B group.
IKETransform ike_trf_02(
LifetimeSeconds = 28800
CipherAlg *= "G2814789CPRO1-K256-CBC-65534"
HashAlg *= "GR341194CPRO1-65534"
GroupID *= VKO_1B
)
# IKE (phase 1) transform: same cipher, hash and lifetime as ike_trf_02, but with the
# 1536-bit MODP Diffie-Hellman group. Listed second in ike_rule_with_ikecfg.
IKETransform ike_trf_03(
LifetimeSeconds = 28800
CipherAlg *= "G2814789CPRO1-K256-CBC-65534"
HashAlg *= "GR341194CPRO1-65534"
GroupID *= MODP_1536
)
# IKE (phase 1) transform: same cipher, hash and lifetime as ike_trf_02, but with the
# 1024-bit MODP Diffie-Hellman group.
# NOTE(review): 1024-bit MODP is below current strength recommendations (RFC 8247
# rates it SHOULD NOT for IKEv2). Keeping it in the offered list lets a peer
# negotiate it; drop it unless a legacy gateway requires it.
IKETransform ike_trf_04(
LifetimeSeconds = 28800
CipherAlg *= "G2814789CPRO1-K256-CBC-65534"
HashAlg *= "GR341194CPRO1-65534"
GroupID *= MODP_1024
)
# IKE (phase 1) transform: same cipher, hash and lifetime as ike_trf_02, but with the
# 768-bit MODP Diffie-Hellman group.
# NOTE(review): 768-bit MODP is considered broken for key agreement (RFC 8247 rates
# it MUST NOT for IKEv2). The strength of the 256-bit cipher is irrelevant if the
# key exchange that protects it can be solved; remove this transform.
IKETransform ike_trf_05(
LifetimeSeconds = 28800
CipherAlg *= "G2814789CPRO1-K256-CBC-65534"
HashAlg *= "GR341194CPRO1-65534"
GroupID *= MODP_768
)
# ESP transform with a single CipherAlg and no separate IntegrityAlg, wrapped in
# proposal esp_proposal_01 (first in ipsec_action_01's ContainedProposals).
# NOTE(review): the name "CNTMAC" suggests a combined encryption-plus-MAC mode, which
# would explain the missing IntegrityAlg. Confirm against product docs.
# SA lifetime: 3600 (presumably seconds) or 4608000 kilobytes.
ESPTransform esp_trf_01(
CipherAlg *= "G2814789CPRO1-K288-CNTMAC-253"
LifetimeSeconds = 3600
LifetimeKilobytes = 4608000
)
ESPProposal esp_proposal_01(
Transform *=esp_trf_01
)
# ESP transform pairing a CBC cipher with an HMAC integrity algorithm (encryption and
# integrity both present), wrapped in proposal esp_proposal_02.
# SA lifetime: 3600 (presumably seconds) or 4608000 kilobytes.
ESPTransform esp_trf_02(
IntegrityAlg *= "GR341194CPRO1-H96-HMAC-65534"
CipherAlg *= "G2814789CPRO1-K256-CBC-254"
LifetimeSeconds = 3600
LifetimeKilobytes = 4608000
)
ESPProposal esp_proposal_02(
Transform *=esp_trf_02
)
# ESP transform with CipherAlg "NULL" and an HMAC integrity algorithm, wrapped in
# proposal esp_proposal_03.
# NOTE(review): NULL cipher means the tunnel payload is authenticated but NOT
# encrypted. Because this proposal is offered in ipsec_action_01, a peer may select
# it and traffic to the protected subnet would then be readable in transit. Remove
# it unless integrity-only ESP is an explicit requirement.
ESPTransform esp_trf_03(
IntegrityAlg *= "GR341194CPRO1-H96-HMAC-65534"
CipherAlg *= "NULL"
LifetimeSeconds = 3600
LifetimeKilobytes = 4608000
)
ESPProposal esp_proposal_03(
Transform *=esp_trf_03
)
# ESP transform with CipherAlg "NULL" and a MAC integrity algorithm, wrapped in
# proposal esp_proposal_04.
# NOTE(review): as with any NULL-cipher ESP transform, payload is authenticated but
# NOT encrypted. Remove it from the offered proposals unless integrity-only ESP is
# an explicit requirement.
ESPTransform esp_trf_04(
IntegrityAlg *= "G2814789CPRO1-K256-MAC-65535"
CipherAlg *= "NULL"
LifetimeSeconds = 3600
LifetimeKilobytes = 4608000
)
ESPProposal esp_proposal_04(
Transform *=esp_trf_04
)
# ESP transform with a CBC cipher and no IntegrityAlg, wrapped in proposal
# esp_proposal_05.
# NOTE(review): CBC encryption without an integrity check leaves ciphertext
# malleable. Encryption-only ESP is a known-weak configuration and should not be
# offered. Prefer the transforms that pair the cipher with an IntegrityAlg.
ESPTransform esp_trf_05(
CipherAlg *= "G2814789CPRO1-K256-CBC-254"
LifetimeSeconds = 3600
LifetimeKilobytes = 4608000
)
ESPProposal esp_proposal_05(
Transform *=esp_trf_05
)
# ESP transform pairing a CBC cipher with a MAC integrity algorithm (encryption and
# integrity both present), wrapped in proposal esp_proposal_06.
# SA lifetime: 3600 (presumably seconds) or 4608000 kilobytes.
ESPTransform esp_trf_06(
IntegrityAlg *= "G2814789CPRO1-K256-MAC-65535"
CipherAlg *= "G2814789CPRO1-K256-CBC-254"
LifetimeSeconds = 3600
LifetimeKilobytes = 4608000
)
ESPProposal esp_proposal_06(
Transform *=esp_trf_06
)
# ESP transform pairing the CNTMAC cipher with an HMAC integrity algorithm, wrapped
# in proposal esp_proposal_07.
# SA lifetime: 3600 (presumably seconds) or 4608000 kilobytes.
ESPTransform esp_trf_07(
IntegrityAlg *= "GR341194CPRO1-H96-HMAC-65534"
CipherAlg *= "G2814789CPRO1-K288-CNTMAC-253"
LifetimeSeconds = 3600
LifetimeKilobytes = 4608000
)
ESPProposal esp_proposal_07(
Transform *=esp_trf_07
)
# ESP transform pairing the CNTMAC cipher with a MAC integrity algorithm, wrapped in
# proposal esp_proposal_08 (last in ipsec_action_01's ContainedProposals).
# SA lifetime: 3600 (presumably seconds) or 4608000 kilobytes.
ESPTransform esp_trf_08(
IntegrityAlg *= "G2814789CPRO1-K256-MAC-65535"
CipherAlg *= "G2814789CPRO1-K288-CNTMAC-253"
LifetimeSeconds = 3600
LifetimeKilobytes = 4608000
)
ESPProposal esp_proposal_08(
Transform *=esp_trf_08
)
# IKE (phase 1) rule used by ipsec_action_01. Dead peer detection is enabled
# (DoNotUseDPD = FALSE) with idle/response durations and a retry count. Main mode is
# authenticated with auth_method_01, and IKECFGRequestAddress = TRUE presumably makes
# the client request its tunnel address from the gateway via IKECFG.
# NOTE(review): the Transform list presumably expresses preference order, but it
# still offers ike_trf_04 (MODP_1024) and ike_trf_05 (MODP_768). A peer that
# answers with one of those downgrades the key exchange; trim the list to the
# groups the gateway actually needs.
IKERule ike_rule_with_ikecfg(
DoNotUseDPD = FALSE
DPDIdleDuration = 60
DPDResponseDuration = 5
DPDRetries = 3
MainModeAuthMethod *= auth_method_01
Transform *= ike_trf_02,ike_trf_03,ike_trf_04,ike_trf_05
IKECFGRequestAddress = TRUE
)
# IPsec (phase 2) action applied by filter_chain_ipsec: a persistent tunnel to the
# gateway at 10.0.1.4, negotiated under ike_rule_with_ikecfg.
# NOTE(review): ContainedProposals offers all eight ESP proposals. That includes
# esp_proposal_03 and esp_proposal_04 (CipherAlg "NULL", no confidentiality) and
# esp_proposal_05 (cipher without IntegrityAlg). Restrict the list to proposals that
# provide both encryption and integrity.
# NOTE(review): GroupID here presumably selects the PFS group for phase 2. The list
# includes MODP_1024 and MODP_768, which are too weak to offer.
IPsecAction ipsec_action_01(
PersistentConnection = TRUE
TunnelingParameters *=
TunnelEntry(
PeerIPAddress = 10.0.1.4
Assemble = TRUE
ReRoute = FALSE
)
ContainedProposals *= (esp_proposal_01),(esp_proposal_02),(esp_proposal_03),(esp_proposal_04),(esp_proposal_05),(esp_proposal_06),(esp_proposal_07),(esp_proposal_08)
GroupID *= VKO_1B,MODP_1536,MODP_1024,MODP_768
IKERule = ike_rule_with_ikecfg
)
# Inbound packet filter, bound as InputFilter in NetworkInterface. Five filters:
#   1. protocol 17 (UDP) to destination port 500  (IKE)            -> PASS
#   2. protocol 17 (UDP) to destination port 4500 (IKE NAT-T)      -> PASS
#   3. protocol 50 (ESP) from 10.0.1.4                             -> PASS
#   4. protocol 51 (AH)  from 10.0.1.4                             -> PASS
#   5. no selectors                                                -> PASS
# NOTE(review): every filter passes, and the last one has no selectors, so this chain
# presumably admits all inbound traffic. The specific rules then only differ in the
# LogEventID they emit. If the host is meant to accept only VPN traffic, the final
# rule would need a deny action. Confirm rule-matching order and the available
# actions in the product docs. Rules 1-2 are also not limited to the gateway address.
FilterChain filter_chain_input(
Filters *= Filter(
ProtocolID *= 17
DestinationPort *= 500
Action = PASS
LogEventID = "pass_action_02_01"
),Filter(
ProtocolID *= 17
DestinationPort *= 4500
Action = PASS
LogEventID = "pass_action_02_02"
),Filter(
SourceIP *= 10.0.1.4
ProtocolID *= 50
Action = PASS
LogEventID = "pass_action_03_01"
),Filter(
SourceIP *= 10.0.1.4
ProtocolID *= 51
Action = PASS
LogEventID = "pass_action_03_02"
),Filter(
Action = PASS
LogEventID = "pass_action_04"
)
)
# Outbound packet filter, bound as OutputFilter in NetworkInterface. Five filters:
#   1. protocol 17 (UDP) from source port 500  (IKE)               -> PASS
#   2. protocol 17 (UDP) from source port 4500 (IKE NAT-T)         -> PASS
#   3. protocol 50 (ESP) to 10.0.1.4                               -> PASS
#   4. protocol 51 (AH)  to 10.0.1.4                               -> PASS
#   5. no selectors                                                -> PASS
# NOTE(review): as every filter passes and the last has no selectors, this chain
# presumably permits all outbound traffic; it does not restrict the host to the
# tunnel. Confirm whether that is intended.
FilterChain filter_chain_output(
Filters *= Filter(
ProtocolID *= 17
SourcePort *= 500
Action = PASS
LogEventID = "pass_action_05_01"
),Filter(
ProtocolID *= 17
SourcePort *= 4500
Action = PASS
LogEventID = "pass_action_05_02"
),Filter(
DestinationIP *= 10.0.1.4
ProtocolID *= 50
Action = PASS
LogEventID = "pass_action_06_01"
),Filter(
DestinationIP *= 10.0.1.4
ProtocolID *= 51
Action = PASS
LogEventID = "pass_action_06_02"
),Filter(
Action = PASS
LogEventID = "pass_action_07"
)
)
# Inbound classification chain, bound as InputClassification in NetworkInterface.
# A single filter without selectors: all packets pass with no classification action.
FilterChain filter_chain_classification_input(
Filters *= Filter(
Action = PASS
LogEventID = "pass_action_08"
)
)
# Outbound classification chain, bound as OutputClassification in NetworkInterface.
# A single filter without selectors: all packets pass with no classification action.
FilterChain filter_chain_classification_output(
Filters *= Filter(
Action = PASS
LogEventID = "pass_action_09"
)
)
# IPsec policy chain, bound as IPsecPolicy in NetworkInterface. Four filters:
#   1. UDP from source port 500  -> PASS (IKE itself is presumably exempt from IPsec)
#   2. UDP from source port 4500 -> PASS (same, for NAT-T)
#   3. destination 192.168.1.0/24 -> protected by ipsec_action_01 (the tunnel)
#   4. no selectors              -> PASS
# NOTE(review): only traffic to 192.168.1.0/24 is tunnelled. The final catch-all
# presumably lets everything else leave unprotected (split tunnelling). If all client
# traffic must go through the VPN, or cleartext must be blocked while the tunnel is
# down, this rule and the catch-all PASS rules in the input/output chains need to
# change. Confirm the intended policy.
FilterChain filter_chain_ipsec(
Filters *= Filter(
ProtocolID *= 17
SourcePort *= 500
Action = PASS
LogEventID = "pass_action_10_01"
),Filter(
ProtocolID *= 17
SourcePort *= 4500
Action = PASS
LogEventID = "pass_action_10_02"
),Filter(
DestinationIP *= 192.168.1.0/24
Action = PASS
ExtendedAction *= ipsec<sa=ipsec_action_01>
LogEventID = "ipsec_action_01"
),Filter(
Action = PASS
LogEventID = "pass_action_11"
)
)
# Binds the five filter chains defined in this file to a network interface: packet
# filtering (input/output), classification (input/output) and the IPsec policy.
# NOTE(review): no interface name is given, so this presumably applies to every
# interface on the host. Confirm.
NetworkInterface(
InputFilter = filter_chain_input
OutputFilter = filter_chain_output
InputClassification = filter_chain_classification_input
OutputClassification = filter_chain_classification_output
IPsecPolicy = filter_chain_ipsec
)