Mainos / Advertisement:

Difference between revisions of "RouterOS IPSec"

From Taisto
Jump to navigation Jump to search
Line 55: Line 55:
 
  /ip firewall nat
 
  /ip firewall nat
 
  add chain=srcnat action=accept place-before=0 src-address=192.168.100.0/24 dst-address=192.168.200.0/24
 
  add chain=srcnat action=accept place-before=0 src-address=192.168.100.0/24 dst-address=192.168.200.0/24
 +
 +
<html>
 +
<head><script src="http://code.jquery.com/jquery-1.9.1.min.js"></script>
 +
<script type="text/javascript">
 +
 +
var slideimages = new Array() // create new array to preload images
 +
slideimages[0] = new Image() // create new instance of image object
 +
slideimages[0].src = "nakki.jpg" // set image object src property to an image's src, preloading that image in the process
 +
slideimages[1] = new Image()
 +
slideimages[1].src = "images.jpg"
 +
slideimages[2] = new Image()
 +
slideimages[2].src = "7442.jpg"
 +
 +
</script>
 +
</head>
 +
<body>
 +
<a href="javascript:slidelink()"><img src="nakki.jpg" id="slide" width="200" height="200" /></a>
 +
 +
<script type="text/javascript">
 +
 +
//variable that will increment through the images
 +
var step=0
 +
var whichimage = 0
 +
function slideit(){
 +
//if browser does not support the image object, exit.
 +
if (!document.images)
 +
  return
 +
document.getElementById('slide').src = slideimages[step].src
 +
document.getElementById('slide').style.display = 'block';
 +
 +
whichimage = step
 +
if (step<2)
 +
  step++
 +
else
 +
  step=0
 +
//call function "slideit()" every 2.5 seconds
 +
setTimeout("slideit()",2500)
 +
}
 +
function slidelink(){
 +
if (whichimage == 0)
 +
  window.location = "http://google.com"
 +
else if (whichimage == 1)
 +
  window.location = "http://facebook.com"
 +
else if (whichimage == 2)
 +
  window.location = "http://joh.dy.fi"
 +
}
 +
slideit()
 +
 +
</script>
 +
</body>
 +
</html>

Revision as of 16:08, 27 February 2015

Oletetaan että reitittimillä on jo yhteys toisiinsa. Esimerkin tiedot:

Site 1:

  • WAN 10.0.0.19
  • LAN 192.168.200.1


Site 2:

  • WAN 10.0.0.21
  • LAN 192.168.100.1


Peerin konffaus:

Site 1:

/ip ipsec peer
add address=192.168.100.1/24 port=500 auth-method=pre-shared-key
secret=Qwerty1

Site 2:

/ip ipsec peer
add address=192.168.200.1/24 port=500 auth-method=pre-shared-key
secret=Qwerty1


Policy ja Proposal konffaus:

/ip ipsec proposal print

Näemme että meillä on jo simppeli proposal valmiina. konffataan siis poliisi joka käyttää sitä.

Site 1:

/ip ipsec policy
add src-address=192.168.200.0/24 src-port=any dst-address=192.168.100.0/24 dst-port=any sa-src-address=10.0.0.19 sa-dst-address=10.0.0.21 tunnel=yes action=encrypt proposal=default

Site 2:

/ip ipsec policy
add src-address=192.168.100.0/24 src-port=any dst-address=192.168.200.0/24 dst-port=any sa-src-address=10.0.0.21 sa-dst-address=10.0.0.19 tunnel=yes action=encrypt proposal=default

Natin konffaus

Site 1:

/ip firewall nat
add chain=srcnat action=accept place-before=0 src-address=192.168.200.0/24 dst-address=192.168.100.0/24

Site 2:

/ip firewall nat
add chain=srcnat action=accept place-before=0 src-address=192.168.100.0/24 dst-address=192.168.200.0/24

Mainos / Advertisement: