Текст cisco-like конфигурации для шлюза GW2

!

version 12.4

no service password-encryption

!

crypto ipsec df-bit copy

crypto isakmp identity dn

crypto isakmp fragmentation

crypto isakmp keepalive 10

crypto isakmp keepalive retry-count 5

username cscons privilege 15 password 0 csp

aaa new-model

!

!

hostname GW2

enable password csp

!

!

!

!

crypto identity Admin

 dn C=RU,O=S-Terra CSP,OU=Research,CN=AdminHost

!

crypto isakmp policy 1

 encr gost

 hash gost341112-256-tc26

 authentication gost-sig

 group vko2

!

crypto ipsec transform-set TSET esp-gost28147-4m-imit

!

ip access-list extended GW_LIST

 permit ip host 172.16.0.2 host 172.16.0.1

!

ip access-list extended CLIENT_LIST

 permit tcp host 10.1.2.2 eq 22 any

!

ip access-list extended FILTER_LIST

 permit esp host 10.1.2.2 any

 permit udp host 10.1.2.2 eq non500-isakmp any

 permit udp host 10.1.2.2 eq isakmp any

 deny   ip any any

!

!

crypto dynamic-map DMAP 1

 match address CLIENT_LIST

 set transform-set TSET

 set identity Admin

!

crypto map CMAP 1 ipsec-isakmp

 match address GW_LIST

 set transform-set TSET

 set peer 10.1.1.2

crypto map CMAP 2 ipsec-isakmp dynamic DMAP

!

interface DP0

! Warning: no physical interface found (pattern "10G_000")

 no ip address

 crypto map CMAP

 crypto ipsec stream-id 1000

 shutdown

!

interface DP1

! Warning: no physical interface found (pattern "10G_001")

 no ip address

 crypto map CMAP

 crypto ipsec stream-id 1001

 shutdown

!

interface FastEthernet0/0

 ip address 10.1.2.2 255.255.255.0

 ip access-group FILTER_LIST out

 crypto map CMAP

 crypto ipsec stream-id 1000

!

interface FastEthernet0/1

 no ip address

 shutdown

!

!

ip route 0.0.0.0 0.0.0.0 10.1.2.1

!

crypto pki trustpoint s-terra_technological_trustpoint

 revocation-check crl

 crl download group GROUP http://10.0.221.170/certsrv/certcrl.crl

crypto pki certificate chain s-terra_technological_trustpoint

certificate 2A7932A877BCEC9E431A5C2CDC26E2A3

30820212308201C1A00302010202102A7932A877BCEC9E431A5C2CDC26E2A330

0806062A85030202033062310B3009060355040613025255310F300D06035504

0713064D6F73636F7731143012060355040A130B532D54657272612043535031

11300F060355040B130852657365617263683119301706035504031310526573

656172636820526F6F74204341301E170D3136313232323230353532335A170D

3336313232323231303435325A3062310B3009060355040613025255310F300D

060355040713064D6F73636F7731143012060355040A130B532D546572726120

4353503111300F060355040B1308526573656172636831193017060355040313

10526573656172636820526F6F742043413063301C06062A8503020213301206

072A85030202230106072A850302021E01034300044022040A6B8407256B40D5

A491C45AD7F792B18476B76405DA7F80AD44AA67D85CC1C9EF68F6EB38F1C31C

873E374C348245A862A3C3046C8CF8E1450C0598B985A351304F300B0603551D

0F040403020186300F0603551D130101FF040530030101FF301D0603551D0E04

16041414EA3F573705DE01C3E80F23BF64A13A96CD1FB4301006092B06010401

823715010403020100300806062A8503020203034100F8B18E0C87FE16CD93CA

7829F4FA981112A57201251CF36E3D10C95BD53D702E5EFB4B4ED111248AC475

389FAB5087EC9CACB597010B88E5F638C8CF8A4F6767

 

quit

!

end