1 ###########################################################################
2 # IPSEC-SECGW Endpoint1 sample configuration
4 # The main purpose of this file is to show how to configure two systems
5 # back-to-back that would forward traffic through an IPsec tunnel. This
6 # file is the Endpoint1 configuration. To use this configuration file,
7 # add the following command-line option:
11 ###########################################################################
# NOTE(review): the leading numeric column on every statement below is a
# line-number gutter carried over from the listing, not part of the file
# syntax; strip it before handing this file to ipsec-secgw. Gaps in that
# numbering (3, 8-10, 24, 37-38, 51, 64-65, 69, 73, 77, 81, 83-84, 86-87, 93,
# 99, 103, 107, 111, 115, 117-118, 120, 126, 132-133, 150) are lines the
# listing dropped - mostly blank separators, but see the SA 15/16/115 notes.
#
# Inbound IPv4 security policies (SP). Every rule matches on the destination
# prefix only - sport and dport are wildcarded to 0:65535 - and all share
# priority 1, so policy selection is purely by destination network.
# "protect N" binds a match to inbound SA N defined further down; "bypass"
# forwards the prefix with no ESP processing at all, i.e. in the clear.
14 sp ipv4 in esp protect 5 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535
15 sp ipv4 in esp protect 6 pri 1 dst 192.168.106.0/24 sport 0:65535 dport 0:65535
16 sp ipv4 in esp protect 10 pri 1 dst 192.168.175.0/24 sport 0:65535 dport 0:65535
17 sp ipv4 in esp protect 11 pri 1 dst 192.168.176.0/24 sport 0:65535 dport 0:65535
18 sp ipv4 in esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535
19 sp ipv4 in esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535
20 sp ipv4 in esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535
21 sp ipv4 in esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535
22 sp ipv4 in esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535
23 sp ipv4 in esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
#
# Outbound IPv4 security policies, same layout; "protect N" refers to the
# outbound SA N (105..126) below.
# NOTE(review): the "protect 115" rule for 192.168.210.0/24 and the
# "protect 125" rule for 192.168.65.0/24 each appear twice (original lines
# 29/31 and 32/33). The repeats are identical in every field and add nothing;
# whether the policy build tolerates exact duplicates depends on the parser,
# so they are best removed.
25 sp ipv4 out esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535
26 sp ipv4 out esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535
27 sp ipv4 out esp protect 110 pri 1 dst 192.168.185.0/24 sport 0:65535 dport 0:65535
28 sp ipv4 out esp protect 111 pri 1 dst 192.168.186.0/24 sport 0:65535 dport 0:65535
29 sp ipv4 out esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
30 sp ipv4 out esp protect 116 pri 1 dst 192.168.211.0/24 sport 0:65535 dport 0:65535
31 sp ipv4 out esp protect 115 pri 1 dst 192.168.210.0/24 sport 0:65535 dport 0:65535
32 sp ipv4 out esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
33 sp ipv4 out esp protect 125 pri 1 dst 192.168.65.0/24 sport 0:65535 dport 0:65535
34 sp ipv4 out esp protect 126 pri 1 dst 192.168.66.0/24 sport 0:65535 dport 0:65535
35 sp ipv4 out esp bypass pri 1 dst 192.168.245.0/24 sport 0:65535 dport 0:65535
36 sp ipv4 out esp bypass pri 1 dst 192.168.246.0/24 sport 0:65535 dport 0:65535
#
# IPv6 inbound policies: one rule per /96 destination prefix, ports again
# wildcarded. Each statement spans two physical lines joined by a trailing
# backslash, so nothing (not even a comment) may be placed between the two.
39 sp ipv6 in esp protect 5 pri 1 dst 0000:0000:0000:0000:5555:5555:0000:0000/96 \
40 sport 0:65535 dport 0:65535
41 sp ipv6 in esp protect 6 pri 1 dst 0000:0000:0000:0000:6666:6666:0000:0000/96 \
42 sport 0:65535 dport 0:65535
43 sp ipv6 in esp protect 10 pri 1 dst 0000:0000:1111:1111:0000:0000:0000:0000/96 \
44 sport 0:65535 dport 0:65535
45 sp ipv6 in esp protect 11 pri 1 dst 0000:0000:1111:1111:1111:1111:0000:0000/96 \
46 sport 0:65535 dport 0:65535
47 sp ipv6 in esp protect 25 pri 1 dst 0000:0000:0000:0000:aaaa:aaaa:0000:0000/96 \
48 sport 0:65535 dport 0:65535
49 sp ipv6 in esp protect 26 pri 1 dst 0000:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
50 sport 0:65535 dport 0:65535
#
# IPv6 outbound policies (SA 110..126); ffff:... prefixes are the far side.
52 sp ipv6 out esp protect 110 pri 1 dst ffff:0000:1111:1111:0000:0000:0000:0000/96 \
53 sport 0:65535 dport 0:65535
54 sp ipv6 out esp protect 111 pri 1 dst ffff:0000:1111:1111:1111:1111:0000:0000/96 \
55 sport 0:65535 dport 0:65535
56 sp ipv6 out esp protect 115 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:0000/96 \
57 sport 0:65535 dport 0:65535
58 sp ipv6 out esp protect 116 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:0000/96 \
59 sport 0:65535 dport 0:65535
60 sp ipv6 out esp protect 125 pri 1 dst ffff:0000:0000:0000:aaaa:aaaa:0000:0000/96 \
61 sport 0:65535 dport 0:65535
62 sp ipv6 out esp protect 126 pri 1 dst ffff:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
63 sport 0:65535 dport 0:65535
#
# Inbound security associations (SA). The SA number is the SPI referenced by
# the "protect N" rules above. Tunnel-mode entries carry the outer src/dst
# (172.16.x.y for IPv4, 1111:.../2222:... for IPv6); transport-mode entries
# (SA 10/11) have no outer addresses.
#
# SECURITY: every key in this file is a fixed sample value - all zeros for
# SA 5/105, or a single repeated byte (a0, a1, b2, c3, 4d) for the rest -
# chosen only so that the two endpoint configurations agree. A real
# deployment must use freshly generated random keys, and must not reuse one
# key for both directions of a pair the way SA 5/105, 6/106, 10/110, 11/111,
# 25/125 and 26/126 do here. aes-128-cbc with sha1-hmac is likewise a sample
# choice, not a recommendation.
66 sa in 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
67 auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
68 mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5
70 sa in 6 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
71 a0:a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
72 a0:a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 172.16.1.6 dst 172.16.2.6
# Transport-mode SAs: the protected packet keeps its own IP header, so the
# inbound SP rules for 192.168.175/176.0/24 match the inner addresses.
74 sa in 10 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
75 a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
76 a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
78 sa in 11 cipher_algo aes-128-cbc cipher_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
79 b2:b2:b2:b2:b2 auth_algo sha1-hmac auth_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
80 b2:b2:b2:b2:b2:b2:b2:b2:b2 mode transport
# SA 15/16 use cipher_algo null AND auth_algo null: traffic is ESP-encapsulated
# but neither encrypted nor integrity-protected. Useful for framing/throughput
# tests only; it offers no protection whatsoever on a real link.
# NOTE(review): in this listing both lines below end with a continuation
# backslash but the "dst ..." line that should follow each is absent (the
# gutter jumps 82 -> 85 and 85 -> 88). As reproduced here, SA 15 would be
# joined onto the "sa in 16" statement and SA 16 onto "sa in 25", which is a
# parse error; restore the dst line from the original file. SA 116 on line
# 119 shows the complete single-line form.
82 sa in 15 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.5 \
85 sa in 16 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.1.6 \
88 sa in 25 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
89 c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
90 c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
91 src 1111:1111:1111:1111:1111:1111:1111:5555 \
92 dst 2222:2222:2222:2222:2222:2222:2222:5555
94 sa in 26 cipher_algo aes-128-cbc cipher_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
95 4d:4d:4d:4d:4d auth_algo sha1-hmac auth_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
96 4d:4d:4d:4d:4d:4d:4d:4d:4d mode ipv6-tunnel \
97 src 1111:1111:1111:1111:1111:1111:1111:6666 \
98 dst 2222:2222:2222:2222:2222:2222:2222:6666
#
# Outbound SAs. Each is the mirror of an inbound entry (105 <-> 5, 106 <-> 6,
# ...): same algorithms and - see the SECURITY note above - the same sample
# key, with the outer src/dst swapped so this endpoint is the tunnel source.
100 sa out 105 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
101 auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
102 mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
104 sa out 106 cipher_algo aes-128-cbc cipher_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
105 a0:a0:a0:a0:a0 auth_algo sha1-hmac auth_key a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:a0:\
106 a0:a0:a0:a0:a0:a0:a0:a0:a0 mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
108 sa out 110 cipher_algo aes-128-cbc cipher_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
109 a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\
110 a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport
112 sa out 111 cipher_algo aes-128-cbc cipher_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
113 b2:b2:b2:b2:b2 auth_algo sha1-hmac auth_key b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:b2:\
114 b2:b2:b2:b2:b2:b2:b2:b2:b2 mode transport
# Null/null outbound SAs; same caveat as SA 15/16 - no confidentiality, no
# integrity. NOTE(review): the SA 115 line also ends in a continuation
# backslash with its "dst" line missing from this listing (gutter jumps
# 116 -> 119), so as shown it would be joined onto the SA 116 statement.
116 sa out 115 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.5 \
119 sa out 116 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.6 dst 172.16.1.6
121 sa out 125 cipher_algo aes-128-cbc cipher_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
122 c3:c3:c3:c3:c3 auth_algo sha1-hmac auth_key c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:c3:\
123 c3:c3:c3:c3:c3:c3:c3:c3:c3 mode ipv6-tunnel \
124 src 2222:2222:2222:2222:2222:2222:2222:5555 \
125 dst 1111:1111:1111:1111:1111:1111:1111:5555
127 sa out 126 cipher_algo aes-128-cbc cipher_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
128 4d:4d:4d:4d:4d auth_algo sha1-hmac auth_key 4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:4d:\
129 4d:4d:4d:4d:4d:4d:4d:4d:4d mode ipv6-tunnel \
130 src 2222:2222:2222:2222:2222:2222:2222:6666 \
131 dst 1111:1111:1111:1111:1111:1111:1111:6666
#
# IPv4 routing table: after IPsec processing a packet leaves through the
# port whose entry matches its (outer) destination; presumably longest-prefix
# match - confirm against the application. The /32 entries are the remote
# tunnel endpoints used as dst by the outbound tunnel SAs (ports 0/1, the
# "protected" side); the 192.168.x.0/24 entries are the SP destination
# prefixes above, with the inbound-decrypted and bypass networks on ports 2/3
# (the "unprotected" side).
134 rt ipv4 dst 172.16.1.5/32 port 0
135 rt ipv4 dst 172.16.1.6/32 port 1
136 rt ipv4 dst 192.168.185.0/24 port 0
137 rt ipv4 dst 192.168.186.0/24 port 1
138 rt ipv4 dst 192.168.245.0/24 port 0
139 rt ipv4 dst 192.168.246.0/24 port 1
140 rt ipv4 dst 192.168.105.0/24 port 2
141 rt ipv4 dst 192.168.106.0/24 port 3
142 rt ipv4 dst 192.168.55.0/24 port 2
143 rt ipv4 dst 192.168.56.0/24 port 3
144 rt ipv4 dst 192.168.175.0/24 port 2
145 rt ipv4 dst 192.168.176.0/24 port 3
146 rt ipv4 dst 192.168.200.0/24 port 2
147 rt ipv4 dst 192.168.201.0/24 port 3
148 rt ipv4 dst 192.168.240.0/24 port 2
149 rt ipv4 dst 192.168.241.0/24 port 3
#
# IPv6 routing table, same port layout as IPv4.
# NOTE(review): every route here is a /116 while the corresponding SP rules
# match a /96 on the same address; a destination inside the SP's /96 but
# outside the route's /116 would be policy-matched yet have no route. Confirm
# the prefix lengths are intentional.
151 rt ipv6 dst 1111:1111:1111:1111:1111:1111:1111:5555/116 port 0
152 rt ipv6 dst 1111:1111:1111:1111:1111:1111:1111:6666/116 port 1
153 rt ipv6 dst ffff:0000:1111:1111:0000:0000:0000:0000/116 port 0
154 rt ipv6 dst ffff:0000:1111:1111:1111:1111:0000:0000/116 port 1
155 rt ipv6 dst 0000:0000:0000:0000:aaaa:aaaa:0000:0000/116 port 2
156 rt ipv6 dst 0000:0000:0000:0000:bbbb:bbbb:0000:0000/116 port 3
157 rt ipv6 dst 0000:0000:0000:0000:5555:5555:0000:0000/116 port 2
158 rt ipv6 dst 0000:0000:0000:0000:6666:6666:0000:0000/116 port 3
159 rt ipv6 dst 0000:0000:1111:1111:0000:0000:0000:0000/116 port 2
160 rt ipv6 dst 0000:0000:1111:1111:1111:1111:0000:0000/116 port 3