Category: VPN-IPSEC
IPSec: Using PKCS#12 Certificates Created with OpenSSL
Starting with firmware 7.2.1, PKCS#12 certificates can be imported directly. Because a PKCS#12 file contains the private key, the device's own certificate and the root certificate, there is no longer any need to create the key on the router and have it signed.
1. Prerequisites
- Bintec router firmware 7.2.1 or later
- Initial IPSec configuration
- A working OpenSSL CA [e.g. OpenSSL 0.9.7d 17 Mar 2004] with which the PKCS#12 certificates are created.
- Internet connectivity
- TFTP server, e.g. Dime-Tools
Context:
CA: CN=linuxCA, OU=Support, O=Funkwerk-EC, ST=Bavaria, C=DE
VPN100: CN=vpn100, OU=Support, O=Funkwerk-EC, ST=Bavaria, C=DE
VPN25: CN=vpn25, OU=Support, O=Funkwerk-EC, ST=Bavaria, C=DE
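The prerequisites assume an OpenSSL CA that produces the PKCS#12 files, but the commands are not shown. The script below is an added example, not part of the original article or of the vendor's documentation: it builds the linuxCA certificate, issues the vpn100 certificate and bundles private key, own certificate and CA certificate into vpn100.p12, then checks the result. The 2048-bit RSA keys, SHA-256, file names, function names and the sample password are assumptions made here, and a current OpenSSL (1.1.1 or 3.x) is assumed instead of the 0.9.7d named above.

```shell
#!/bin/sh
# Added example, not from the original page: create vpn100.p12 with OpenSSL.
set -eu
umask 077    # key files and the .p12 are readable by the owner only

# Subjects from the page's "Context" block, written in "openssl -subj" order.
CA_DN="/C=DE/ST=Bavaria/O=Funkwerk-EC/OU=Support/CN=linuxCA"
GW_DN="/C=DE/ST=Bavaria/O=Funkwerk-EC/OU=Support/CN=vpn100"

# Constructed sample password. It is handed to openssl through the
# environment so that it never shows up in the process list.
: "${P12_PASS:=constructed-sample-passphrase}"
export P12_PASS

# build_ca DIR: self-signed CA, valid for two years. CA:TRUE comes from the
# v3_ca section of the default openssl.cnf (assumption: stock config installed).
build_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 730 \
        -subj "$CA_DN" -keyout "$1/ca.key" -out "$1/ca.crt"
}

# issue_p12 DIR NAME SUBJECT: key + CSR, CA signature, chain check, bundle.
issue_p12() {
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "$3" -keyout "$1/$2.key" -out "$1/$2.csr"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 730 -out "$1/$2.crt"
    # Refuse to bundle a certificate that does not chain to the CA.
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null
    # -certfile adds the CA certificate, so one file carries all three parts.
    openssl pkcs12 -export -name "$2" -inkey "$1/$2.key" -in "$1/$2.crt" \
        -certfile "$1/ca.crt" -passout env:P12_PASS -out "$1/$2.p12"
}

# p12_mac_ok FILE: succeeds only if P12_PASS verifies the integrity MAC.
p12_mac_ok() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -noout
}

# p12_summary FILE: prints "certs=N keys=M" for the bundle's contents.
p12_summary() {
    certs=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys |
        grep -c 'BEGIN CERTIFICATE' || true)
    keys=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes |
        grep -c 'BEGIN.*PRIVATE KEY' || true)
    echo "certs=$certs keys=$keys"
}

# p12_dn FILE subject|issuer: DN of the gateway certificate in RFC 2253 order,
# i.e. the order the router shows in SubjectName / IssuerName.
p12_dn() {
    openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys |
        openssl x509 -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# Output directory: first argument, or a fresh private temp directory.
WORK="${1:-$(mktemp -d)}"
build_ca "$WORK"
issue_p12 "$WORK" vpn100 "$GW_DN"
p12_mac_ok "$WORK/vpn100.p12"
echo "wrote $WORK/vpn100.p12 ($(p12_summary "$WORK/vpn100.p12"))"
echo "SubjectName: $(p12_dn "$WORK/vpn100.p12" subject)"
echo "IssuerName:  $(p12_dn "$WORK/vpn100.p12" issuer)"
```

Only vpn100.p12 belongs on the TFTP server; TFTP has neither authentication nor encryption, so the PKCS#12 password is the only protection the private key has in transit. OpenSSL 3.x encrypts PKCS#12 files with newer algorithms than OpenSSL 0.9.7d did, and if a device cannot read the file, `openssl pkcs12 -export` offers the `-legacy` option.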
Scenario:

IMPORTANT!
The time must be set correctly on the IPSec gateways. Ideally, enter a time server in the Time & Date menu.
Check on the shell with date, e.g.:
vpn100:> date
Tue Jan 3 14:00:02 2006
2. IPSec Wizard
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[IPSEC]: IPsec Configuration - Main Menu vpn100
_______________________________________________________________________________
There are still some prerequisite configuration steps to do.
Do you want to use the wizard?
Yes No
_______________________________________________________________________________
Continue with YES.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[IPSEC][WIZARD]: IPsec Configuration - Wizard Menu vpn100
_______________________________________________________________________________
IPsec 1st step configurations wizard
Configuration History:
What to do? start wizard
(<Space> to choose)
(<Return> to select)
Exit
_______________________________________________________________________________
Continue with START WIZARD.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[IPSEC][WIZARD]: IPsec Configuration - Wizard Menu vpn100
_______________________________________________________________________________
IPsec 1st step configurations wizard
Configuration History:
- for ESP: NULL Rijndael Twofish Blowfish CAST DES DES3 ^
MD5 SHA1 NOMAC |
- for AH: SHA1 MD5 |
+ Check default IKE profile ... |
default profile created |
+ Check default IPSec profile ... |
default profile created |
+ Check IPSEC Default Authentication Method ... |
Currently set to "Pre Shared Keys" =
Use which Default IPSEC Authentication Method ? current: PSK
(<Space> to choose)
(<Return> to select)
Exit
_______________________________________________________________________________
Select "RSA Signature" as the authentication method.
Pressing the Return key changes the input screen as follows:
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[IPSEC][WIZARD]: IPsec Configuration - Wizard Menu vpn100
_______________________________________________________________________________
IPsec 1st step configurations wizard
Configuration History:
+ Check default IPSec profile ... ^
already configured (default settings) |
+ Check IPSEC Default Authentication Method ... |
Currently set to "RSA Signature" |
+ Check IPSEC Default Local ID ... |
Using Local ID from Certificate |
+ Check for public key pair ... |
created Key RSA 1024 e=65537 |
+ Check for own Certificate ... =
Request own certificate (initiate enrollment) ? start
(Choose "skip" to import an already available (<Space> to choose)
own cert in the next step) (<Return> to select)
Exit
_______________________________________________________________________________
Now set Request own certificate to SKIP and confirm.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[IPSEC][WIZARD]: IPsec Configuration - Wizard Menu vpn100
_______________________________________________________________________________
IPsec 1st step configurations wizard
Configuration History:
already configured (default settings) ^
+ Check IPSEC Default Authentication Method ... |
Currently set to "RSA Signature" |
+ Check IPSEC Default Local ID ... |
Using Local ID from Certificate |
+ Check for public key pair ... |
created Key RSA 1024 e=65537 |
+ Check for own Certificate ... |
Certificate Enrollment skipped =
Import new own Certificate ? start
(<Space> to choose)
(<Return> to select)
Exit
_______________________________________________________________________________
Select START and confirm.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[GETCERT]: IPsec Configuration - Get Certificate vpn100
_______________________________________________________________________________
Import a Certificate/CRL using: TFTP
Type of certificate: Own Certificate
Server: 172.16.64.98
Name: vpn100.p12 auto
START EXIT
_______________________________________________________________________________
In this screen, enter the TFTP server IP address and the file name. In this example they are 172.16.64.98 and vpn100.p12.
After START is pressed, the PKCS#12 certificate is loaded from the TFTP server and the password (or PIN) is requested. Because several PINs can be set in a PKCS#12 file, the PIN prompt appears several times. The router remembers the PINs, so if they are identical you can simply confirm with Return.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[GETCERT][GETCERT]: IPsec Configuration - Review Certificate vpn100
_______________________________________________________________________________
Please Review retrieved Certificate: [vpn100.p12]
Encountered PKCS#12 password authenticated envelope
please enter password for outer envelope bintec123
_______________________________________________________________________________
...
please enter password for internal safe bintec123
...
please enter password for shrouded key bintec123
...
Note: The passwords are displayed in clear text if the Setup Tool is started with setup -p.
The certificate is now displayed in plain text:
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[GETCERT][GETCERT]: IPsec Configuration - Review Certificate vpn100
_______________________________________________________________________________
Please Review retrieved Certificate: [vpn100.p12]
Encountered PKCS#12 password authenticated envelope =
Certificate = |
SerialNumber = 3 |
SubjectName = <CN=vpn100, OU=Support, O=Funkwerk-EC, ST=Bavaria, C=DE> |
IssuerName = <CN=linuxCA, OU=Support, O=Funkwerk-EC, ST=Bavaria, C=DE> |
Validity = |
NotBefore = 2006 Jan 3rd, 08:31:23 GMT |
NotAfter = 2008 Jan 3rd, 08:31:23 GMT |
PublicKeyInfo = |
Algorithm name (X.509) : rsaEncryption |
Modulus n (1024 bits) : |
1144646100585592664812177391569616946423366771377744314309158422821 |
1783525714534850159341145407687004995040109692321982937220065693776 v
IMPORT CANCEL
_______________________________________________________________________________
IMPORT finally installs the certificate on the router.
After the import, the Get Certificate screen appears again. Leave it with EXIT.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[GETCERT]: IPsec Configuration - Get Certificate vpn100
_______________________________________________________________________________
Import a Certificate/CRL using: TFTP
Type of certificate: Own Certificate
Server:
Name: auto
START EXIT
_______________________________________________________________________________
The wizard's input screen now appears again.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
IPsec Configuration - Wizard Menu vpn100
_______________________________________________________________________________
IPsec 1st step configurations wizard
Configuration History:
Currently set to "Pre Shared Keys" ^
Changed from current: PSK to RSA Signature |
+ Check IPSEC Default Local ID ... |
Using Local ID from Certificate |
+ Check for public key pair ... |
found one key: |
RSA 1024bit Exponent: 65537 ("vpn100.p12") |
+ Check for own Certificate ... |
Certificate Enrollment skipped =
Import new own Certificate ? start
(<Space> to choose)
(<Return> to select)
Exit
_______________________________________________________________________________
Here, however, Import new own Certificate has to be confirmed briefly with START once more, followed immediately by EXIT to go back.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[WIZARD]: IPsec Configuration - Wizard Menu vpn100
_______________________________________________________________________________
IPsec 1st step configurations wizard
Configuration History:
(null) ^
+ Check for CA Certificate ... |
At least one CA Certificate already exists: |
Subject "CN=linuxCA, OU=Support, O=Funkwerk-EC, ST=Bavaria, C=DE" |
Algorithm: rsaEncryption, Modulus: 2048 bits, Exponent: 17 bits |
Validity |
Tue Jan 3 8:31:23 2006 |
Tue Jan 3 8:31:23 2006 |
! WARNING: No CRL Distribution Point contained! =
Import new CA Certificate ? skip
(optional) (<Space> to choose)
(<Return> to select)
Exit
_______________________________________________________________________________
Confirm SKIP here. SKIP can be selected because PKCS#12 certificates contain the CA certificate: the PKCS#12 container holds the private key, the device's own certificate and the CA root certificate.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[WIZARD]: IPsec Configuration - Wizard Menu vpn100
_______________________________________________________________________________
IPsec 1st step configurations wizard
Configuration History:
At least one CA Certificate already exists: ^
Subject "CN=linuxCA, OU=Support, O=Funkwerk-EC, ST=Bavaria, C=DE" |
Algorithm: rsaEncryption, Modulus: 2048 bits, Exponent: 17 bits |
Validity |
Tue Jan 3 8:31:23 2006 |
Tue Jan 3 8:31:23 2006 |
! WARNING: No CRL Distribution Point contained! |
Import of CA Certificate skipped |
+ Check for Certificate Server ... =
Get Certificate Server for retrieval of CRLs ? start
(<Space> to choose)
(<Return> to select)
Exit
_______________________________________________________________________________
For Get Certificate Server for retrieval of CRLs, select SKIP.
Now the peer is configured.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[WIZARD]: IPsec Configuration - Wizard Menu vpn100
_______________________________________________________________________________
IPsec 1st step configurations wizard
Configuration History:
+ Check pre-IPsec rules ... ^
Pre-IPsec rule list now initialised to rule for passing IKE Traffic |
+ Check Global Default Rule ... |
Global Default Rule is changed to "pass" |
! CAUTION: |
Brick now prepared for IPsec enabled standard router. |
Further configuration is required for an IPsec only router! |
+ Check for Peer ... |
IPSEC enabled =
Configure Peer ? start
(<Space> to choose)
(<Return> to select)
Exit
_______________________________________________________________________________
START opens the Configure Peer menu.
Make the following settings there:
Peer Address: e.g. 172.16.64.94
Peer IDs: With certificates, the entry must be enclosed in < >, namely the SubjectName or alternatively ASN.1.
Virtual Interface: yes
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[WIZARD][PEER]: IPsec Wizard - Configure Peer vpn100
_______________________________________________________________________________
Description: VPN_IPSEC_PKCS12
Admin Status: up
Peer Address: 172.16.64.94
Peer IDs: <CN=vpn25, OU=Support, O=Funkwerk-EC, ST=Bava
IPSec Callback: no
Virtual Interface: yes
SAVE CANCEL
_______________________________________________________________________________
Apply the entries with SAVE.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
IPsec Configuration - Wizard Menu vpn100
_______________________________________________________________________________
IPsec 1st step configurations wizard
Configuration History:
Global Default Rule is changed to "pass" ^
! CAUTION: |
Brick now prepared for IPsec enabled standard router. |
Further configuration is required for an IPsec only router! |
+ Check for Peer ... |
IPSEC enabled |
IPSEC already enabled |
+ Check for ISDN Callback configuration ... |
+ Check for Peer Virtual interface ... =
Configure Virtual interface ? start
(<Space> to choose)
(<Return> to select)
Exit
_______________________________________________________________________________
Confirm again with RETURN.
The remote network is now entered here. In our example: Local 192.168.100.0/24, Remote 192.168.1.0/24.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[IPSEC][WIZARD][GETCERT][IP][BASIC]: IP-Settings (VPN_IPSEC_PKCS12) vpn100
_______________________________________________________________________________
IP Transit Network no
Local IP Address 192.168.100.1
Default Route no
Remote IP Address 192.168.1.0
Remote Netmask 255.255.255.0
SAVE CANCEL
_______________________________________________________________________________
Confirm with SAVE.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[WIZARD][PEER][GETCERT][IP]: IP Settings (VPN_IPSEC_PKCS12) vpn100
_______________________________________________________________________________
Basic IP-Settings >
More Routing >
Advanced Settings >
EXIT
_______________________________________________________________________________
Simply go back with EXIT here.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
IPsec Configuration - Wizard Menu vpn100
_______________________________________________________________________________
IPsec 1st step configurations wizard
Configuration History:
Further configuration is required for an IPsec only router! ^
+ Check for Peer ... |
IPSEC enabled |
IPSEC already enabled |
+ Check for ISDN Callback configuration ... |
+ Check for Peer Virtual interface ... |
Virtual interface now configured |
+ Check for Peer Traffic ... |
= IPsec Wizard finished = =
What to do? clear config
(create syslog messages for configuration history) (<Space> to choose)
(<Return> to select)
Exit
_______________________________________________________________________________
EXIT must be confirmed here. The initial configuration with the IPSec wizard is now complete.
3. Fine-Tuning the IPSec Peer
To adjust the IKE profile, now select the EDIT field at IKE (Phase 1) Defaults in the IPSec main menu.
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[IPSEC][PHASE1]: IPsec Configuration - Phase 1 Profiles vpn100
_______________________________________________________________________________
H: Heartbeat Setting N: None S: Send E: Expect B: Both D: Default
Auth: Authentication PSK: Pre Shared Keys RSA-S: RSA Signatures
DSS: DSS RSA-E: RSA Encryption
Mode: Phase 1 Mode ID-Pr: ID Protect Aggr: Aggressive
Description Proposal Lifetime Group H Auth Mode
*autogenerated* Blowfish/MD5 default 2 A RSA-S ID-Pr
ADD DELETE EXIT
_______________________________________________________________________________
There, select the *autogenerated* profile and set it as follows:
VPN Access 100 Setup Tool BinTec Access Networks GmbH
[IPSEC][PHASE1][EDIT] vpn100
_______________________________________________________________________________
Description (Idx 1) : *autogenerated*
Proposal : 19 (Rijndael/MD5)
Lifetime : use default
Group