Текст cisco-like конфигурации для шлюза GW1

!

version 12.4

no service password-encryption

!

crypto ipsec df-bit copy

crypto isakmp identity dn

crypto isakmp keepalive 10

crypto isakmp keepalive retry-count 5

username cscons privilege 15 password 0 csp

aaa new-model

aaa authentication login RADIUS1 group radius

!

radius-server host 192.168.1.5

radius-server key secret1

!

hostname GW1

enable password csp

!

!

!

!

!

crypto isakmp policy 1

 encr gost

 hash gost341112-256-tc26

 authentication gost-sig

 group vko2

!

crypto ipsec transform-set TSET esp-gost28147-4m-imit

!

ip access-list extended LIST

 permit ip 192.168.1.0 0.0.0.255 any

!

ip access-list extended FILTER_LIST

 permit ip 192.168.11.0 0.0.0.255 host 192.168.1.100

 permit ip 192.168.12.0 0.0.0.255 host 192.168.1.101

 permit ip host 192.168.1.1 host 192.168.1.5

!

!

crypto dynamic-map DMAP 1

 match address LIST

 set transform-set TSET

 reverse-route

 set client authentication list RADIUS1

 set client authentication xauth

 set client username interactive

!

crypto map CMAP 1 ipsec-isakmp dynamic DMAP

!

interface GigabitEthernet0/0

 ip address 192.168.1.1 255.255.255.0

 ip access-group FILTER_LIST out

!

interface GigabitEthernet0/1

 ip address 10.1.1.2 255.255.255.0

 crypto map CMAP

!

interface GigabitEthernet0/2

 no ip address

 shutdown

!

interface GigabitEthernet0/3

 no ip address

 shutdown

!

!

ip route 0.0.0.0 0.0.0.0 10.1.1.1

!

crypto pki trustpoint s-terra_technological_trustpoint

 revocation-check crl

 crl download group GROUP http://10.0.221.170/certsrv/certcrl.crl

crypto pki certificate chain s-terra_technological_trustpoint

certificate 2A7932A877BCEC9E431A5C2CDC26E2A3

30820212308201C1A00302010202102A7932A877BCEC9E431A5C2CDC26E2A330

0806062A85030202033062310B3009060355040613025255310F300D06035504

0713064D6F73636F7731143012060355040A130B532D54657272612043535031

11300F060355040B130852657365617263683119301706035504031310526573

656172636820526F6F74204341301E170D3136313232323230353532335A170D

3336313232323231303435325A3062310B3009060355040613025255310F300D

060355040713064D6F73636F7731143012060355040A130B532D546572726120

4353503111300F060355040B1308526573656172636831193017060355040313

10526573656172636820526F6F742043413063301C06062A8503020213301206

072A85030202230106072A850302021E01034300044022040A6B8407256B40D5

A491C45AD7F792B18476B76405DA7F80AD44AA67D85CC1C9EF68F6EB38F1C31C

873E374C348245A862A3C3046C8CF8E1450C0598B985A351304F300B0603551D

0F040403020186300F0603551D130101FF040530030101FF301D0603551D0E04

16041414EA3F573705DE01C3E80F23BF64A13A96CD1FB4301006092B06010401

823715010403020100300806062A8503020203034100F8B18E0C87FE16CD93CA

7829F4FA981112A57201251CF36E3D10C95BD53D702E5EFB4B4ED111248AC475

389FAB5087EC9CACB597010B88E5F638C8CF8A4F6767

 

quit

!

end