IKEv1 Legacy Configuration Examples » History » Version 7
Version 6 (Andreas Steffen, 12.04.2021 14:38) → Version 7/8 (Andreas Steffen, 21.05.2021 13:10)
h1. IKEv1 Legacy Configuration Examples
These example scenarios use the deprecated stroke management interface.
h2. Remote Access
|RSA authentication with X.509 certificates |{{tc_dr(ikev1-stroke/rw-cert,IPv4)}} |{{tc(ikev1/rw-cert,IPv4)}} |{{tc(ipv6-stroke/rw-ikev1,IPv6)}} |{{tc_dr(ikev1-stroke/nat-rw,NAT)}} |{{tc(ikev1/nat-rw,NAT)}} |
|PSK authentication with pre-shared keys (IP) |{{tc_dr(ikev1-stroke/rw-psk-ipv4,IPv4)}} |{{tc(ikev1/rw-psk-ipv4,IPv4)}} |{{tc(ipv6-stroke/rw-psk-ikev1,IPv6)}} | |
|PSK authentication with pre-shared keys (FQDN) |{{tc_dr(ikev1-stroke/rw-psk-fqdn,IPv4)}} (FQDN)|{{tc(ikev1/rw-psk-fqdn,IPv4)}} | | |
|RSA with XAUTH authentication |{{tc_dr(ikev1-stroke/xauth-rsa,IPv4)}} |{{tc(ikev1/xauth-rsa,IPv4)}} | | |
|PSK with XAUTH authentication |{{tc_dr(ikev1-stroke/xauth-psk,IPv4)}} |{{tc(ikev1/xauth-psk,IPv4)}} | | |
|Hybrid RSA (server) / XAUTH (client) authentication|{{tc_dr(ikev1-stroke/xauth-id-rsa-hybrid,IPv4)}}| authentication |{{tc(ikev1/xauth-id-rsa-hybrid,IPv4)}} | |
|
h2. Remote Access with Virtual IP Adresses
|RAM-based server-side virtual IP pool |{{tc_dr(ikev1-stroke/ip-pool,IPv4)}} |{{tc(ikev1/ip-pool,IPv4)}} |
|DB-based server-side virtual IP pool |{{tc_dr(ikev1-stroke/ip-pool-db,IPv4)}} |{{tc(ikev1/ip-pool-db,IPv4)}} |
|Static server-side virtual IP addresses |{{tc_dr(ikev1-stroke/config-payload,IPv4)}} |{{tc(ikev1/config-payload,IPv4)}} |
|Static server-side virtual IP addresses in push mode |{{tc_dr(ikev1-stroke/config-payload-push,IPv4)}} |{{tc(ikev1/config-payload-push,IPv4)}} |
|Static client-side virtual IP addresses |{{tc_dr(ikev1-stroke/virtual-ip,IPv4)}} |{{tc(ikev1/virtual-ip,IPv4)}} |
|RSA with XAUTH authentication and virtual IP addresses |{{tc_dr(ikev1-stroke/xauth-id-rsa-config,IPv4)}} |{{tc(ikev1/xauth-id-rsa-config,IPv4)}} |
|PSK with XAUTH authentication and virtual IP addresses |{{tc_dr(ikev1-stroke/xauth-id-psk-config,IPv4)}} |{{tc(ikev1/xauth-id-psk-config,IPv4)}} |
h2. Site-to-Site
|RSA authentication with X.509 certificates |{{tc_dr(ikev1-stroke/net2net-cert,IPv4)}} |{{tc(ikev1/net2net-cert,IPv4)}} |{{tc(ipv6-stroke/net2net-ikev1,IPv6)}} |
|PSK authentication with pre-shared keys |{{tc_dr(ikev1-stroke/net2net-psk,IPv4)}} |{{tc(ikev1/net2net-psk,IPv4)}} | |
h2. Host-to-Host
|IPsec tunnel mode with X.509 certificates |{{tc_dr(ikev1-stroke/host2host-cert,IPv4)}} |{{tc(ikev1/host2host-cert,IPv4)}} |{{tc(ipv6-stroke/host2host-ikev1,IPv6)}} |
|IPsec transport mode with X.509 certificates |{{tc_dr(ikev1-stroke/host2host-transport,IPv4)}} |{{tc(ikev1/host2host-transport,IPv4)}} |{{tc(ipv6-stroke/transport-ikev1,IPv6)}} |
h2. IP Protocol and Port Policies
|IPsec tunnel restricted to ICMP and ssh protocols |{{tc_dr(ikev1-stroke/protoport-dual,IPv4)}} |{{tc(ikev1/protoport-dual,IPv4)}} |
h2. Complete List
{{tc_dr(ikev1-stroke,All {{tc(ikev1,All IKEv1 legacy test scenarios)}}
These example scenarios use the deprecated stroke management interface.
h2. Remote Access
|RSA authentication with X.509 certificates |{{tc_dr(ikev1-stroke/rw-cert,IPv4)}} |{{tc(ikev1/rw-cert,IPv4)}} |{{tc(ipv6-stroke/rw-ikev1,IPv6)}} |{{tc_dr(ikev1-stroke/nat-rw,NAT)}} |{{tc(ikev1/nat-rw,NAT)}} |
|PSK authentication with pre-shared keys (IP) |{{tc_dr(ikev1-stroke/rw-psk-ipv4,IPv4)}} |{{tc(ikev1/rw-psk-ipv4,IPv4)}} |{{tc(ipv6-stroke/rw-psk-ikev1,IPv6)}} | |
|PSK authentication with pre-shared keys (FQDN) |{{tc_dr(ikev1-stroke/rw-psk-fqdn,IPv4)}} (FQDN)|{{tc(ikev1/rw-psk-fqdn,IPv4)}} | | |
|RSA with XAUTH authentication |{{tc_dr(ikev1-stroke/xauth-rsa,IPv4)}} |{{tc(ikev1/xauth-rsa,IPv4)}} | | |
|PSK with XAUTH authentication |{{tc_dr(ikev1-stroke/xauth-psk,IPv4)}} |{{tc(ikev1/xauth-psk,IPv4)}} | | |
|Hybrid RSA (server) / XAUTH (client) authentication|{{tc_dr(ikev1-stroke/xauth-id-rsa-hybrid,IPv4)}}| authentication |{{tc(ikev1/xauth-id-rsa-hybrid,IPv4)}} | |
|
h2. Remote Access with Virtual IP Adresses
|RAM-based server-side virtual IP pool |{{tc_dr(ikev1-stroke/ip-pool,IPv4)}} |{{tc(ikev1/ip-pool,IPv4)}} |
|DB-based server-side virtual IP pool |{{tc_dr(ikev1-stroke/ip-pool-db,IPv4)}} |{{tc(ikev1/ip-pool-db,IPv4)}} |
|Static server-side virtual IP addresses |{{tc_dr(ikev1-stroke/config-payload,IPv4)}} |{{tc(ikev1/config-payload,IPv4)}} |
|Static server-side virtual IP addresses in push mode |{{tc_dr(ikev1-stroke/config-payload-push,IPv4)}} |{{tc(ikev1/config-payload-push,IPv4)}} |
|Static client-side virtual IP addresses |{{tc_dr(ikev1-stroke/virtual-ip,IPv4)}} |{{tc(ikev1/virtual-ip,IPv4)}} |
|RSA with XAUTH authentication and virtual IP addresses |{{tc_dr(ikev1-stroke/xauth-id-rsa-config,IPv4)}} |{{tc(ikev1/xauth-id-rsa-config,IPv4)}} |
|PSK with XAUTH authentication and virtual IP addresses |{{tc_dr(ikev1-stroke/xauth-id-psk-config,IPv4)}} |{{tc(ikev1/xauth-id-psk-config,IPv4)}} |
h2. Site-to-Site
|RSA authentication with X.509 certificates |{{tc_dr(ikev1-stroke/net2net-cert,IPv4)}} |{{tc(ikev1/net2net-cert,IPv4)}} |{{tc(ipv6-stroke/net2net-ikev1,IPv6)}} |
|PSK authentication with pre-shared keys |{{tc_dr(ikev1-stroke/net2net-psk,IPv4)}} |{{tc(ikev1/net2net-psk,IPv4)}} | |
h2. Host-to-Host
|IPsec tunnel mode with X.509 certificates |{{tc_dr(ikev1-stroke/host2host-cert,IPv4)}} |{{tc(ikev1/host2host-cert,IPv4)}} |{{tc(ipv6-stroke/host2host-ikev1,IPv6)}} |
|IPsec transport mode with X.509 certificates |{{tc_dr(ikev1-stroke/host2host-transport,IPv4)}} |{{tc(ikev1/host2host-transport,IPv4)}} |{{tc(ipv6-stroke/transport-ikev1,IPv6)}} |
h2. IP Protocol and Port Policies
|IPsec tunnel restricted to ICMP and ssh protocols |{{tc_dr(ikev1-stroke/protoport-dual,IPv4)}} |{{tc(ikev1/protoport-dual,IPv4)}} |
h2. Complete List
{{tc_dr(ikev1-stroke,All {{tc(ikev1,All IKEv1 legacy test scenarios)}}