Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Anton Ulanov2018-04-17 12:57:27
Debian
Anton Ulanov, 2018-04-17 12:57:27

How to set up site-to-site on s-terra?

Good afternoon, tell me how to defeat s-terra gate100. essence to connect them through ipsec.
Given: 2 s-terra gate100,
1 s-terra (gw) ip 192.168.1.252 192.168.1.253 192.168.1.254
2 s-terra (client) ip 192.168.1.242 192.168.1.243 192.168.1.244
GW

!
version 12.4
no service password-encryption
!
crypto ipsec df-bit copy
crypto isakmp identity dn
username cscons privilege 15 password 0 csp
aaa new-model
!
!
hostname GW
enable password csp
!
!
!
logging trap debugging
!
!
crypto isakmp policy 1
 encr gost
 hash gost
 authentication gost-sig
 group vko
!
crypto ipsec transform-set TSET esp-gost28147-4m-imit
!
ip access-list extended LIST
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 100.100.1.0 0.0.0.255 192.168.0.0 0.0.0.255
!
!
crypto map CMAP 1 ipsec-isakmp
 match address LIST
 set transform-set TSET 
 set pfs vko
 set peer 10.0.0.3
!
interface GigabitEthernet0/0
 ip address 192.168.1.252 255.255.255.0
 crypto map CMAP
!
interface GigabitEthernet0/1
 ip address 192.168.1.253 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 192.168.1.254 255.255.255.0
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
crypto pki trustpoint s-terra_technological_trustpoint
 revocation-check none
!
end

client
!
version 12.4
no service password-encryption
!
crypto ipsec df-bit copy
crypto isakmp identity dn
username cscons privilege 15 password 0 csp
aaa new-model
!
!
hostname client
enable password csp
!
!
!
logging trap debugging
!
!
crypto isakmp policy 1
 encr gost
 hash gost
 authentication gost-sig
 group vko
!
crypto ipsec transform-set TSET esp-gost28147-4m-imit
!
ip access-list extended LIST
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 100.100.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.0.0 0.0.0.255 any
!
!
interface GigabitEthernet0/0
 ip address 192.168.1.242 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 192.168.1.243 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 192.168.1.244 255.255.255.0
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
crypto pki trustpoint s-terra_technological_trustpoint
 revocation-check none
!
end

when pinging gw the link does not come up

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
D
Dmitry Maslennikov2017-05-15 20:13:42
The server slows down, how to determine and eliminate the cause? 5Reply
O
Oleg Chentsov2019-10-22 20:31:30
How to force restapi OCS Inventory to return Cyrillic? 0Reply
S
Sergey Vyvolokin2015-06-13 10:25:25
How to fix in Apache2? 2Reply
S
shaivam2015-06-14 14:30:41
How to understand this (logwatch)? 2Reply
A
Alexander Khorkov2021-04-27 11:47:19
How to upgrade Let's Encrypt certificate from ACMEv1 to ACMEv2? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question