Debian
Anton Ulanov, 2018-04-17 12:57:27

How to set up site-to-site on s-terra?

Good afternoon. Tell me how to defeat the s-terra gate100. The essence is to connect them through IPsec.
Given: 2 s-terra gate100:
1. s-terra (gw), IPs 192.168.1.252, 192.168.1.253, 192.168.1.254
2. s-terra (client), IPs 192.168.1.242, 192.168.1.243, 192.168.1.244
GW

!
version 12.4
no service password-encryption
!
crypto ipsec df-bit copy
crypto isakmp identity dn
username cscons privilege 15 password 0 csp
aaa new-model
!
!
hostname GW
enable password csp
!
!
!
logging trap debugging
!
!
crypto isakmp policy 1
 encr gost
 hash gost
 authentication gost-sig
 group vko
!
crypto ipsec transform-set TSET esp-gost28147-4m-imit
!
ip access-list extended LIST
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 100.100.1.0 0.0.0.255 192.168.0.0 0.0.0.255
!
!
crypto map CMAP 1 ipsec-isakmp
 match address LIST
 set transform-set TSET 
 set pfs vko
 set peer 10.0.0.3
!
interface GigabitEthernet0/0
 ip address 192.168.1.252 255.255.255.0
 crypto map CMAP
!
interface GigabitEthernet0/1
 ip address 192.168.1.253 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 192.168.1.254 255.255.255.0
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
crypto pki trustpoint s-terra_technological_trustpoint
 revocation-check none
!
end

client
!
version 12.4
no service password-encryption
!
crypto ipsec df-bit copy
crypto isakmp identity dn
username cscons privilege 15 password 0 csp
aaa new-model
!
!
hostname client
enable password csp
!
!
!
logging trap debugging
!
!
crypto isakmp policy 1
 encr gost
 hash gost
 authentication gost-sig
 group vko
!
crypto ipsec transform-set TSET esp-gost28147-4m-imit
!
ip access-list extended LIST
 permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 100.100.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.0.0 0.0.0.255 any
!
!
interface GigabitEthernet0/0
 ip address 192.168.1.242 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 192.168.1.243 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 192.168.1.244 255.255.255.0
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
crypto pki trustpoint s-terra_technological_trustpoint
 revocation-check none
!
end

When pinging gw, the link does not come up.
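
A consistency check over the tunnel-related lines of the two posted configurations, as an added example that is not part of the original post. It assumes Cisco-style crypto map semantics (a map must be defined, attached to an interface, and point at an address of the other gateway); `parse` and `audit` are hypothetical helper names.

```python
import re

def parse(cfg):
    """Collect interface addresses and crypto map settings from a Cisco-style config."""
    dev = {"addrs": set(), "applied": set(), "maps": {}}
    kind = name = None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new section
            m = re.match(r"(interface|crypto map) (\S+)", line)
            kind, name = (m[1], m[2]) if m else (None, None)
            if kind == "crypto map":
                dev["maps"].setdefault(name, {"peer": None})
        elif kind == "interface" and (m := re.match(r"ip address (\S+)", line)):
            dev["addrs"].add(m[1])
        elif kind == "interface" and (m := re.match(r"crypto map (\S+)", line)):
            dev["applied"].add(m[1])
        elif kind == "crypto map" and (m := re.match(r"set peer (\S+)", line)):
            dev["maps"][name]["peer"] = m[1]
    return dev

def audit(local, remote):
    """Findings for one gateway, checked against the gateway at the other end."""
    out = [] if local["maps"] else ["no crypto map defined"]
    for name, cm in local["maps"].items():
        if name not in local["applied"]:
            out.append(f"crypto map {name} is not applied to an interface")
        if cm["peer"] not in remote["addrs"]:
            out.append(f"peer {cm['peer']} is not an interface address of the other gateway")
    return out

# Tunnel-related lines copied from the two configurations in the post.
GW = """\
crypto map CMAP 1 ipsec-isakmp
 match address LIST
 set peer 10.0.0.3
interface GigabitEthernet0/0
 ip address 192.168.1.252 255.255.255.0
 crypto map CMAP
"""
CLIENT = """\
interface GigabitEthernet0/0
 ip address 192.168.1.242 255.255.255.0
"""

if __name__ == "__main__":
    gw, client = parse(GW), parse(CLIENT)
    print("GW:", audit(gw, client))
    print("client:", audit(client, gw))
```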
