Не поднимается тоннель ipsec, в чем может быть проблема?

Question

Anton Antonov @Shellon

Не поднимается тоннель ipsec, в чем может быть проблема?

Всем привет! Настраиваю ipsec тоннель между двумя asa. Тоннель не поднимается и, даже не пытается. Порты 500 и 4500 доступны
Тоннель между айпишниками 150.97 и 78.54
Вот конфиг:

asa 1:

interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp
!
subnet 192.168.2.0 255.255.255.0
object network CC-Local
subnet 192.168.3.0 255.255.255.0
object network K2-Lan
subnet 192.168.10.0 255.255.255.0
object network loop
subnet 0.0.0.0 0.0.0.0
object network K1-local
subnet 192.168.1.0 255.255.255.0
object network ML
host 94.141.183.3
object network obj_0.0.0.0
subnet 0.0.0.0 0.0.0.0
object network ASA-NAUKA
host 84.47.183.210
object network ASA-Starlink
host 81.17.150.98
object network ContactCenter
host 62.141.65.170
object network Internal_IP
host 192.168.10.1
object-group network obj_any
network-object 0.0.0.0 0.0.0.0
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object udp
service-object tcp
service-object icmp echo
service-object tcp destination eq echo
object-group service DM_INLINE_SERVICE_2
service-object ip
service-object udp
service-object tcp
service-object udp destination eq isakmp
service-object icmp
service-object tcp destination eq domain
service-object udp destination eq domain
object-group network DM_INLINE_NETWORK_1
network-object object ASA-NAUKA
network-object object ML
network-object object Google-DNS
network-object object ContactCenter
network-object 192.168.10.0 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group service DM_INLINE_SERVICE_3
service-object ip
service-object udp
service-object tcp
service-object icmp alternate-address
service-object icmp echo
service-object icmp echo-reply
service-object icmp information-reply
service-object icmp information-request
service-object icmp traceroute
service-object udp destination eq isakmp
object-group service DM_INLINE_UDP_1 udp
port-object eq 4500
port-object eq isakmp
port-object eq sip
object-group service DM_INLINE_UDP_2 udp
port-object eq 4500
port-object eq isakmp
object-group network external_ip
network-object object ext_ip
access-list outside_access_in_1 extended permit udp any any eq isakmp
access-list outside_access_in_1 extended permit object-group DM_INLINE_SERVICE_1 any any
access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any any
access-list outside_access_in_1 extended permit udp any object-group DM_INLINE_UDP_1 any
access-list outside_cryptomap_1 extended permit ip 192.168.10.0 255.255.255.0 object CC-Local
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 object-group DM_INLINE_NETWORK_1 any
access-list outside_cryptomap_2 extended permit ip 10.10.10.0 255.255.255.0 object K1-local
access-list outside_cryptomap extended permit ip object K2-Lan object K74-local
access-list global_access_1 extended permit udp any any eq isakmp
access-list global_access_1 extended permit object-group DM_INLINE_SERVICE_3 any any
access-list global_access_1 extended permit udp any object-group DM_INLINE_UDP_2 any
access-list Dostup_izvne standard permit any4
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (any,outside) source static any interface destination static OG OG
!
object network obj_0.0.0.0
nat (any,outside) dynamic interface
access-group inside_access_in in interface inside
access-group outside_access_in_1 in interface outside
access-group global_access_1 global
route outside 0.0.0.0 0.0.0.0 10.202.92.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
t
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime kilobytes 3600
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 81.17.150.97
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map interface outside

crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
!
group-policy GroupPolicy_81.17.150.97 internal
group-policy GroupPolicy_81.17.150.97 attributes
vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1 ikev2
tunnel-group 81.17.150.97 type ipsec-l2l
tunnel-group 81.17.150.97 general-attributes
default-group-policy GroupPolicy_81.17.150.97
tunnel-group 81.17.150.97 ipsec-attributes
ikev1 pre-shared-key #key#
ikev2 remote-authentication pre-shared-key #key#
ikev2 local-authentication pre-shared-key #key#

Вопрос задан более трёх лет назад
583 просмотра

1 комментарий

Подписаться 2 Оценить 1 комментарий

Anton Antonov @Shellon Автор вопроса

: Saved
: Written by enable_15 at 11:26:12.535 GMT Tue Sep 27 2016
!
ASA Version 9.0(3)
!
hostname ASA-K74
!
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/4
switchport access vlan 13
interface Vlan1
description Internal interface
nameif inside
security-level 100
ip address 192.168.2.25 255.255.255.0
!
interface Vlan2
description External interface
nameif Nauka
security-level 0
ip address 84.47.183.210 255.255.255.248
!
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
no ip address
!
interface Vlan13
nameif Starlink
security-level 0
ip address 81.17.150.98 255.255.255.252
!
dns domain-lookup inside
dns domain-lookup Nauka
dns domain-lookup dmz
dns domain-lookup Starlink
dns server-group DefaultDNS
domain-name medkvadrat.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-0.0.0.0
subnet 0.0.0.0 0.0.0.0
object network LAN_kl
subnet 192.168.2.0 255.255.255.0
object network ccLan
subnet 192.168.3.0 255.255.255.0
object network ccWAN1_3
host 62.141.65.173
object network LANLand
subnet 192.168.1.0 255.255.255.0
object network Wan_1_1
host 62.141.65.171
object network ContactCenter
host 62.141.65.170
description 0
object network CC1
host 62.141.65.171
object network Cisco-3750
host 192.168.2.1
object network One
host 192.168.2.30
object service RDP
service tcp source eq 3389
object network OUT
host 84.47.183.210
object network NETWORK_OBJ_192.168.9.0_26
subnet 192.168.9.0 255.255.255.192
object network macbook
host 192.168.2.9
object network starlink_gateway
host 81.17.150.97
object network VPN1
host 192.168.9.1
object network K2-Lan
subnet 192.168.10.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
network-object object LANLand
network-object object LAN_kl
object-group network DM_INLINE_NETWORK_4
network-object object Wan_1_1
network-object object ccLan
network-object object ccWAN1_3
network-object object NETWORK_OBJ_192.168.9.0_26
object-group service smtp tcp
port-object eq smtp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object udp
protocol-object tcp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service ipsecv2 udp
port-object eq 4500
port-object eq isakmp
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object icmp
access-list outside_cryptomap_1 extended permit ip object LAN_kl object ccLan
access-list outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group DM_INLINE_NETWORK_4 any
access-list outside_access_in extended permit object RDP-service any object One
access-list outside_access_in extended permit object SMTP-service any object CGP
access-list outside_access_in extended permit ip interface inside object CC1
access-list outside_access_in extended permit ip interface inside any
access-list inside_access_in extended permit tcp interface inside interface Nauka object-group DM_INLINE_TCP_1 inactive
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit ip interface inside interface inside
access-list inside_access_in extended permit ip object LANLand object ccLan
access-list outside_cryptomap_2 extended permit ip object LANLand object ccLan
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any4 host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any4 any4 eq 137
access-list Starlink_access_in extended permit object-group DM_INLINE_PROTOCOL_2 any interface Starlink
access-list 112 standard permit any4
access-list Starlink_cryptomap extended permit ip 192.168.2.0 255.255.255.0 object K2-Lan

nat (any,any) source static any any no-proxy-arp
nat (inside,Nauka) source static One interface service any RDP
nat (inside,Nauka) source static CGP interface service any SMTP2
nat (inside,Nauka) source static any any destination static NETWORK_OBJ_192.168.9.0_26 NETWORK_OBJ_192.168.9.0_26 no-proxy-arp route-lookup
!
object network obj-0.0.0.0
nat (any,Nauka) dynamic interface
access-group inside_access_in in interface inside
access-group outside_access_in in interface Nauka
access-group Starlink_access_in in interface Starlink
route Nauka 0.0.0.0 0.0.0.0 84.47.183.209 1
route inside 192.168.1.0 255.255.255.0 192.168.2.1 1
route Nauka 192.168.255.0 255.255.255.255 192.168.2.1 1
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL

sysopt noproxyarp inside
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto map l2l 1 set peer 84.47.183.210
crypto map l2l 2 match address outside_cryptomap_1
crypto map l2l 2 set pfs
crypto map l2l 2 set peer 62.141.65.173
crypto map l2l 2 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map l2l 2 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map l2l 3 match address outside_cryptomap_2
crypto map l2l 3 set peer 62.141.65.171
crypto map l2l 3 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map l2l 3 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map l2l 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map l2l interface Nauka
crypto map Starlink_map 1 match address Starlink_cryptomap
crypto map Starlink_map 1 set peer 193.41.78.54
crypto map Starlink_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Starlink_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map Starlink_map interface Starlink
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
enrollment self
fqdn none
subject-name CN=192.168.2.25,CN=mlasa
keypair ASDM_LAUNCHER
crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_1
enrollment self
fqdn none
subject-name CN=192.168.2.25,CN=mlasa
keypair ASDM_LAUNCHER
crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_2
enrollment self
fqdn none
subject-name CN=192.168.2.25,CN=mlasa
keypair ASDM_LAUNCHER
crl configure
crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_3
enrollment self
fqdn none
subject-name CN=192.168.2.25,CN=mlasa
keypair ASDM_LAUNCHER
crl configure
crypto ca trustpool policy

no crypto isakmp nat-traversal
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable Nauka
crypto ikev2 enable Starlink
crypto ikev1 enable Nauka
crypto ikev1 enable Starlink
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400

group-policy DfltGrpPolicy attributes
default-domain value medkvadrat.local
group-policy GroupPolicy_193.41.78.54 internal
group-policy GroupPolicy_193.41.78.54 attributes
vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_62.141.65.173 internal
group-policy GroupPolicy_62.141.65.173 attributes
vpn-tunnel-protocol ikev1 ikev2
group-policy GroupPolicy_62.141.65.171 internal
group-policy GroupPolicy_62.141.65.171 attributes
vpn-tunnel-protocol ikev1 ikev2
group-policy VPNcl internal
group-policy VPNcl attributes
dns-server value 192.168.2.30 192.168.1.3
vpn-filter none
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
password-storage enable
split-tunnel-policy tunnelall
default-domain value medkvadrat.local
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key Medkvadr0
tunnel-group 62.141.65.173 type ipsec-l2l
tunnel-group 62.141.65.173 general-attributes
default-group-policy GroupPolicy_62.141.65.173
tunnel-group 62.141.65.173 ipsec-attributes
ikev1 pre-shared-key #key#
isakmp keepalive threshold 100 retry 10
ikev2 remote-authentication pre-shared-key #key#
ikev2 local-authentication pre-shared-key #key#
tunnel-group 62.141.65.171 type ipsec-l2l
tunnel-group 62.141.65.171 general-attributes
default-group-policy GroupPolicy_62.141.65.171
tunnel-group 62.141.65.171 ipsec-attributes
ikev1 pre-shared-key #key#
ikev2 remote-authentication pre-shared-key #key#
ikev2 local-authentication pre-shared-key #key#
tunnel-group VPNcl type remote-access
tunnel-group VPNcl general-attributes
address-pool VPN-Pool
default-group-policy VPNcl
tunnel-group VPNcl ipsec-attributes
ikev1 pre-shared-key Medkvadr0
tunnel-group 193.41.78.54 type ipsec-l2l
tunnel-group 193.41.78.54 general-attributes
default-group-policy GroupPolicy_193.41.78.54
tunnel-group 193.41.78.54 ipsec-attributes
ikev1 pre-shared-key #key#
ikev2 remote-authentication pre-shared-key #key#
ikev2 local-authentication pre-shared-key #key#
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512

Написано более трёх лет назад