Maybe to clarify what I want to achieve: here are the configs that I created
according to various sources I found on the internet:
r...@kunde003-lan:/etc/inet/ike# more /etc/hostname.ip*
::::::::::::::
/etc/hostname.ip.tun0
::::::::::::::
192.168.111.9 10.1.1.1 tsrc 172.17.1.2 tdst 172.17.1.1 router up
::::::::::::::
/etc/hostname.iprb103001
::::::::::::::
kunde003-dmz
172.17.1.2 router
::::::::::::::
/etc/hostname.iprb3000
::::::::::::::
kunde003-lan
192.168.111.9 private
r...@kunde003-lan:/etc/inet/ike# cat /etc/inet/ipsecinit.conf
{laddr 192.168.110.10 raddr 10.1.1.2} ipsec {auth_algs any encr_algs any sa shared}
r...@kunde003-lan:/etc/inet/ike# cat /etc/inet/ike/config
p1_lifetime_secs 28800
p1_nonce_len 20
p1_xform { auth_method rsa_sig oakley_group 2 auth_alg sha1 encr_alg 3des-cbc }
p2_pfs 2
{
label "simple inheritor"
local_addr 192.168.111.0/24
remote_addr 10.1.1.0/24
}
r...@kunde003-lan:/etc/inet/secret# more ike.preshared
{ localidtype IP
localid 172.17.1.2
remoteidtype IP
remoteid 172.17.1.1
key xxxxxxxxxxxx (key is actually hex values)
}
r...@kunde003-lan:/etc/inet/secret# netstat -nr
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default 172.17.1.1 UG 1 62530
10.1.1.1 192.168.111.9 UH 1 2 ip.tun0
172.17.1.0 172.17.1.2 U 1 40 iprb3000
192.168.111.0 192.168.111.9 U 1 3 iprb103001
127.0.0.1 127.0.0.1 UH 1 0 lo0
HTH,
Kai
--
This message posted from opensolaris.org
_______________________________________________
security-discuss mailing list