Mainos / Advertisement:

Difference between revisions of "RouterOS IPSec"

From Taisto
Jump to navigation Jump to search
(Ak: Uusi sivu: Oletetaan että reitittimillä on jo yhteys toisiinsa. Esimerkin tiedot: Site 1: * WAN 10.0.0.19 * LAN 192.168.200.1 Site 2: * WAN 10.0.0.21 * LAN 192.168.100.1 Peerin konffau...)
(No difference)

Revision as of 10:35, 27 February 2015

Oletetaan että reitittimillä on jo yhteys toisiinsa. Esimerkin tiedot:

Site 1:

  • WAN 10.0.0.19
  • LAN 192.168.200.1


Site 2:

  • WAN 10.0.0.21
  • LAN 192.168.100.1


Peerin konffaus:

Site 1:

ip ipsec peer
add address=192.168.100.1/24 port=500 auth-method=pre-shared-key
secret=Qwerty1

Site 2:

ip ipsec peer
add address=192.168.200.1/24 port=500 auth-method=pre-shared-key
secret=Qwerty1


Poliisijutskien konffaus:

Site 1:

ip ipsec policy
add src-address=192.168.200.0/24 src-port=any dst-address=192.168.100.0/24 dst-port=any sa-src-address=10.0.0.19 sa-dst-address=10.0.0.21 tunnel=yes action=encrypt proposal=default

Site 2:

ip ipsec policy
add src-address=192.168.100.0/24 src-port=any dst-address=192.168.200.0/24 dst-port=any sa-src-address=10.0.0.21 sa-dst-address=10.0.0.19 tunnel=yes action=encrypt proposal=default
Mainos / Advertisement: