{"id":20,"date":"2009-03-15T10:14:38","date_gmt":"2009-03-15T08:14:38","guid":{"rendered":"http:\/\/testwebsrv\/?p=20"},"modified":"2009-03-15T10:14:38","modified_gmt":"2009-03-15T08:14:38","slug":"%d1%81%d0%be%d0%b7%d0%b4%d0%b0%d0%bd%d0%b8%d0%b5-ipsec-%d1%82%d1%83%d0%bd%d0%bd%d0%b5%d0%bb%d1%8f-windows-cisco","status":"publish","type":"post","link":"https:\/\/www.maxx.net.ua\/?p=20","title":{"rendered":"\u0421\u043e\u0437\u0434\u0430\u043d\u0438\u0435 IPSEC \u0442\u0443\u043d\u043d\u0435\u043b\u044f Windows < - > Cisco"},"content":{"rendered":"

\u041d\u0430\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u043e\u0435\u0434\u0438\u043d\u0438\u0442\u044c 2 \u043f\u043e\u0434\u0441\u0435\u0442\u0438 172.10.0.0\/24 \u0438 172.30.0.0\/24. \u0421\u0435\u0442\u044c 172.10.0.0\/24 \u0438\u043c\u0435\u0435\u0442 \u0448\u043b\u044e\u0437 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e 172.10.0.1, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f IP \u0430\u0434\u0440\u0435\u0441\u043e\u043c \u043d\u0430 \u043e\u0434\u043d\u043e\u043c \u0438\u0437 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u0432 W2k3 \u0441\u0435\u0440\u0432\u0435\u0440\u0430. \u0421\u0435\u0442\u044c 172.30.0.0\/24 \u0438\u043c\u0435\u0435\u0442 \u0448\u043b\u044e\u0437 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e 172.30.0.1, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f IP \u0430\u0434\u0440\u0435\u0441\u043e\u043c \u043d\u0430 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 vlan900. W2k3 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438\u043c\u0435\u0435\u0442 \u0432\u043d\u0435\u0448\u043d\u0438\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 10.1.127.13, \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440 Cisco \u0438\u043c\u0435\u0435\u0442 \u0432\u043d\u0435\u0448\u043d\u0438\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 10.1.127.14. <\/p>\n

<\/a> \"\"<\/a> <\/p>\n

\u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f Cisco<\/h2>\n

encr 3des
\nhash md5
\nauthentication pre-share
\ngroup 2
\n!
\n1234567890 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043a\u043b\u044e\u0447\u043e\u043c \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f
\ncrypto isakmp key 1234567890 address 10.1.127.13
\n!
\ncrypto ipsec transform-set MAXX_Center esp-3des esp-md5-hmac
\n!
\ncrypto map MAXX_Center 10 ipsec-isakmp
\nset peer 10.1.127.13
\nset transform-set MAXX_Center
\nmatch address 110
\n!
\ninterface FastEthernet4
\ndescription == dc7100 ==
\nswitchport access vlan 900
\nspanning-tree portfast
\nIP \u0430\u0434\u0440\u0435\u0441 \u043d\u0430 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 vlan6 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442\u0441\u044f \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u0438, \u043e\u0434\u043d\u0430\u043a\u043e \u043d\u0430 \u0432\u0440\u0435\u043c\u044f \u0442\u0435\u0441\u0442\u0430 \u043e\u043d \u043e\u0441\u0442\u0430\u0432\u0430\u043b\u0441\u044f \u043d\u0435\u0438\u0437\u043c\u0435\u043d\u043d\u044b\u043c – 10.1.127.14
\n<\/span><\/em>interface Vlan6
\nip address dhcp
\ncrypto map MAXX_Center
\n!
\ninterface Vlan900
\nip address 172.30.0.1 255.255.255.0
\n!
\nip route 172.10.0.0 255.255.255.0 10.1.127.13
\n!
\naccess-list 110 permit ip 172.30.0.0 0.0.0.255 172.10.0.0 0.0.0.255 <\/p>\n

\u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f Windows 2003 server <\/h2>\n
\u041f\u043e\u0441\u043b\u0435 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f cisco \u043b\u0430\u0437\u0438\u0442\u044c \u043f\u043e \u043e\u043a\u043e\u0448\u043a\u0430\u043c, \u0434\u0430 \u0435\u0449\u0435 \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044e \u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u0438 \u043f\u043e\u043c\u043e\u0449\u0438 Print-screen \u043a\u0430\u043a-\u0442\u043e \u043d\u0435 \u043e\u0441\u043e\u0431\u043e \u0443\u0434\u043e\u0431\u043d\u043e. \u041f\u043e\u044d\u0442\u043e\u043c\u0443 \u0432\u0441\u043f\u043e\u043c\u0438\u043d\u0430\u0435\u043c \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u0443\u0442\u0438\u043b\u0438\u0442\u044b netsh \u0438 \u0441\u0442\u0430\u0440\u0430\u0435\u043c\u0441\u044f \u0437\u0430\u0431\u044b\u0442\u044c \u043e \u043d\u0430\u043b\u0438\u0447\u0438\u0438 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430. \u0421\u043a\u0440\u0438\u043f\u0442 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 W2k3 \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c:<\/div>\n
netsh ipsec static set store location=local<\/div>\n
netsh ipsec static add policy “Windows – Cisco” mmpfs=no mmlifetime=60 assign=yes mmsecmethods=”3DES-MD5-2″<\/div>\n
netsh ipsec static add filter filterlist=”Windows-Cisco” srcaddr=172.10.0.0 dstaddr=172.30.0.0 protocol=any mirrored=no srcmask=24 dstmask=24<\/div>\n
netsh ipsec static add filter filterlist=”Cisco-Windows” srcaddr=172.30.0.0 dstaddr=172.10.0.0 protocol=any mirrored=no srcmask=24 dstmask=24<\/div>\n
netsh ipsec static add filteraction name=”WCAction” qmpfs=no action=negotiate qmsecmethods=ESP[3DES,MD5]<\/div>\n
netsh ipsec static add rule name=”Windows->Cisco tunnel” policy=”Windows – Cisco” filterlist=Windows-Cisco filteraction=WCAction tunnel=10.1.127.14 conntype=lan kerberos=no psk=”1234567890″<\/div>\n
netsh ipsec static add rule name=”Cisco->Windows tunnel” policy=”Windows – Cisco” filterlist=Cisco-Windows filteraction=WCAction tunnel=10.1.127.13 conntype=lan kerberos=no psk=”1234567890″<\/div>\n
netsh ipsec static set policy name=”Windows – Cisco” assign=yes<\/div>\n

\u041d\u0430 \u044d\u0442\u043e\u043c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u043a\u043e\u043d\u0447\u0435\u043d\u043e. \u0422\u0443\u043d\u043d\u0435\u043b\u044c \u0434\u043e\u043b\u0436\u0435\u043d \u043f\u043e\u0434\u043d\u044f\u0442\u044c\u0441\u044f (\u043f\u043e \u043a\u0440\u0430\u0439\u043d\u0435\u0439 \u043c\u0435\u0440\u0435 \u0442\u0430\u043a \u044d\u0442\u043e \u0431\u044b\u043b\u043e \u0443 \u043c\u0435\u043d\u044f)<\/p>\n","protected":false},"excerpt":{"rendered":"

\u041d\u0430\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u043e\u0435\u0434\u0438\u043d\u0438\u0442\u044c 2 \u043f\u043e\u0434\u0441\u0435\u0442\u0438 172.10.0.0\/24 \u0438 172.30.0.0\/24. \u0421\u0435\u0442\u044c 172.10.0.0\/24 \u0438\u043c\u0435\u0435\u0442 \u0448\u043b\u044e\u0437 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e 172.10.0.1, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f IP \u0430\u0434\u0440\u0435\u0441\u043e\u043c \u043d\u0430 \u043e\u0434\u043d\u043e\u043c \u0438\u0437 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u0432 W2k3 \u0441\u0435\u0440\u0432\u0435\u0440\u0430. \u0421\u0435\u0442\u044c 172.30.0.0\/24 \u0438\u043c\u0435\u0435\u0442 \u0448\u043b\u044e\u0437 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e 172.30.0.1, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f IP \u0430\u0434\u0440\u0435\u0441\u043e\u043c \u043d\u0430 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0435 vlan900. W2k3 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438\u043c\u0435\u0435\u0442 \u0432\u043d\u0435\u0448\u043d\u0438\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 10.1.127.13, \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440 Cisco \u0438\u043c\u0435\u0435\u0442 \u0432\u043d\u0435\u0448\u043d\u0438\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441 10.1.127.14. \u041a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f Cisco encr […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,12],"tags":[19],"_links":{"self":[{"href":"https:\/\/www.maxx.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/20"}],"collection":[{"href":"https:\/\/www.maxx.net.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.maxx.net.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.maxx.net.ua\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.maxx.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=20"}],"version-history":[{"count":0,"href":"https:\/\/www.maxx.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/20\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.maxx.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=20"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.maxx.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=20"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.maxx.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=20"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}