notempty Dieser Artikel bezieht sich auf eine nicht mehr aktuelle Version!
notempty Der Artikel für die neueste Version steht hier
notempty Zu diesem Artikel gibt es bereits eine neuere Version, die sich allerdings auf eine Reseller-Preview bezieht
Warnung: Der Anzeigetitel „“ überschreibt den früheren Anzeigetitel „IPSec Site-to-Site“.
12.2
|
|
|
|
[[Datei: ]]
|
Site to Site |
|
|
|
- || IPSec S2S || || class="bild width-m" rowspan="5" | [[Datei: ]]
|
- || PSK ||
|
PSK
- || 12345 ||
|
X.509 X.509 Zertifikat: |
|
|
|
IKE v1IKE v2 |
RSA
|
|
|
|
LAN1 |
|
[[Datei: ]]
|
RSA
- || RSA-Site2Site ||
|
- || » ✕192.168.122.0/24 ||
|
|
- || 192.0.2.192 || || class="bild width-m" rowspan="4" | [[Datei: ]]
|
- || 192.0.2.192 ||
|
RSA
- || RSA-Site2Site ||
|
- || » ✕192.168.192.0/24 ||
|
|
|
|
|
[[Datei: ]]
|
|
'
|
root@firewall:~# swanctl --list-conns
IPSec$20S2S: IKEv2, reauthentication every 3060s, no rekeying, dpd delay 10s
local: %any
remote: 192.0.2.192
local pre-shared key authentication:
id: 192.168.175.218
remote pre-shared key authentication:
id: 192.0.2.192
IPSec$20S2S: TUNNEL, rekeying every 28260s, dpd action is restart
local: 192.168.218.0/24 192.168.219.0/24
remote: 192.168.192.0/24 192.168.193.0/24
root@firewall:~# swanctl --list-conns
IPSec$20S2S: IKEv2, reauthentication every 3060s, no rekeying, dpd delay 10s
local: %any
remote: 192.0.2.192
local pre-shared key authentication:
id: 192.168.175.218
remote pre-shared key authentication:
id: 192.0.2.192
IPSec$20S2S_4: TUNNEL, rekeying every 28260s, dpd action is restart
local: 192.168.218.0/24
remote: 192.168.192.0/24
IPSec$20S2S_5: TUNNEL, rekeying every 28260s, dpd action is restart
local: 192.168.218.0/24
remote: 192.168.193.0/24
IPSec$20S2S_6: TUNNEL, rekeying every 28260s, dpd action is restart
local: 192.168.219.0/24
remote: 192.168.192.0/24
IPSec$20S2S_7: TUNNEL, rekeying every 28260s, dpd action is restart
local: 192.168.219.0/24
remote: 192.168.193.0/24
|
[[Datei: ]]
|
|
'
|
root@firewall:~# swanctl --list-conns
IPSec$20S2S: IKEv2, reauthentication every 3060s, no rekeying, dpd delay 10s
local: %any
remote: 192.0.2.192
local pre-shared key authentication:
id: 192.168.175.218
remote pre-shared key authentication:
id: 192.0.2.192
IPSec$20S2S: TUNNEL, rekeying every 28260s, dpd action is restart
local: 192.168.218.0/24 192.168.219.0/24
remote: 192.168.192.0/24 192.168.193.0/24
root@firewall:~# swanctl --list-conns
IPSec$20S2S: IKEv2, reauthentication every 3060s, no rekeying, dpd delay 10s
local: %any
remote: 192.0.2.192
local pre-shared key authentication:
id: 192.168.175.218
remote pre-shared key authentication:
id: 192.0.2.192
IPSec$20S2S_4: TUNNEL, rekeying every 28260s, dpd action is restart
local: 192.168.218.0/24
remote: 192.168.192.0/24
IPSec$20S2S_5: TUNNEL, rekeying every 28260s, dpd action is restart
local: 192.168.218.0/24
remote: 192.168.193.0/24
IPSec$20S2S_6: TUNNEL, rekeying every 28260s, dpd action is restart
local: 192.168.219.0/24
remote: 192.168.192.0/24
|
[[Datei: ]]
|
|
|
|
|
|
- || IPSec-S2S || || class="bild width-m" rowspan="5" | [[Datei: ]]
|
- || ||
|
- || 192.168.192.0/24 ||
|
- || vpn-ipsec ||
|
- || ||
|
|
|
|
[[Datei: ]]
|
|
'
|
|
internal-network |
|
|
|
|
|
|
|
NAT
|
Hidenat Exclude |
|
|
external-interface |
|
'
|
|
|
|
|
internal-network |
|
|
|
|
NAT |
|
|
[[Datei: |hochkant=2|mini| ]]