Manual:IP/IPsec: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
Eep (talk | contribs)
m revert vandalism
Replaced content with '{{...}}'
Line 1: Line 1:
==IPsec between MikroTik and Cisco PIX in tunnel mode==
{{...}}
 
* On Cisco PIX firewall:
<pre>
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 101
!
sysopt connection permit-ipsec
!
crypto ipsec transform-set MySet esp-3des esp-sha-hmac
!
crypto map MyMap 1 ipsec-isakmp
crypto map MyMap 1 match address 101
crypto map MyMap 1 set peer 10.11.0.2
crypto map MyMap 1 set transform-set MySet
crypto map MyMap 10 set security-association lifetime seconds 86400
crypto map MyMap interface outside
!
isakmp enable outside
isakmp key gsdhg%#@&$*&#$U782GY#JG#HJ1231 address 10.11.0.2 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
</pre>
* On MikroTik router:
<pre>
/ip ipsec peer add secret="gsdhg%#@&$*&#$U782GY#JG#HJ1231" address=10.11.0.2/32 \
\... enc-algorithm=3des hash-algorithm=sha1 dh-group=modp1024 lifetime=1d
/ip ipsec proposal add auth-algorithms=sha1 enc-algorithm=3des lifetime=1d
/ip ipsec policy add src-address 192.168.1.0/24 dst-address=192.168.0.0/24 \
\... sa-src-address=10.0.0.1 sa-dst-address=10.11.0.2 ipsec-protocols=esp action=encrypt level=require tunnel=yes</pre>

Revision as of 16:01, 16 December 2009

(needs editing)