xref: /openbsd/regress/sbin/ipsecctl/ike14.ok (revision fe0dc84e) 
1FROM = "{ 2.2.2.0/24, 3.3.3.0/24, 4.4.4.0/24 }"
2TO = "{ 5.5.5.0/24, 6.6.6.0/24, 7.7.7.0/24 }"
3C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
4C set [peer-1.1.1.1]:Phase=1 force
5C set [peer-1.1.1.1]:Address=1.1.1.1 force
6C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
7C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
8C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
9C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
10C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
11C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
12C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
13C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
14C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
15C set [from-2.2.2.0/24-to-5.5.5.0/24]:Phase=2 force
16C set [from-2.2.2.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
17C set [from-2.2.2.0/24-to-5.5.5.0/24]:Configuration=phase2-from-2.2.2.0/24-to-5.5.5.0/24 force
18C set [from-2.2.2.0/24-to-5.5.5.0/24]:Local-ID=from-2.2.2.0/24 force
19C set [from-2.2.2.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
20C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
21C set [phase2-from-2.2.2.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-5.5.5.0/24 force
22C set [phase2-suite-from-2.2.2.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24 force
23C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force
24C set [phase2-protocol-from-2.2.2.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
25C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
26C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
27C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
28C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
29C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
30C set [phase2-transform-from-2.2.2.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
31C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
32C set [from-2.2.2.0/24]:Network=2.2.2.0 force
33C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
34C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
35C set [to-5.5.5.0/24]:Network=5.5.5.0 force
36C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
37C add [Phase 2]:Connections=from-2.2.2.0/24-to-5.5.5.0/24
38C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
39C set [peer-1.1.1.1]:Phase=1 force
40C set [peer-1.1.1.1]:Address=1.1.1.1 force
41C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
42C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
43C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
44C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
45C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
46C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
47C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
48C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
49C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
50C set [from-2.2.2.0/24-to-6.6.6.0/24]:Phase=2 force
51C set [from-2.2.2.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
52C set [from-2.2.2.0/24-to-6.6.6.0/24]:Configuration=phase2-from-2.2.2.0/24-to-6.6.6.0/24 force
53C set [from-2.2.2.0/24-to-6.6.6.0/24]:Local-ID=from-2.2.2.0/24 force
54C set [from-2.2.2.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
55C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
56C set [phase2-from-2.2.2.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-6.6.6.0/24 force
57C set [phase2-suite-from-2.2.2.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24 force
58C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force
59C set [phase2-protocol-from-2.2.2.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
60C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
61C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
62C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
63C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
64C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
65C set [phase2-transform-from-2.2.2.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
66C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
67C set [from-2.2.2.0/24]:Network=2.2.2.0 force
68C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
69C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
70C set [to-6.6.6.0/24]:Network=6.6.6.0 force
71C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
72C add [Phase 2]:Connections=from-2.2.2.0/24-to-6.6.6.0/24
73C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
74C set [peer-1.1.1.1]:Phase=1 force
75C set [peer-1.1.1.1]:Address=1.1.1.1 force
76C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
77C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
78C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
79C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
80C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
81C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
82C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
83C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
84C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
85C set [from-2.2.2.0/24-to-7.7.7.0/24]:Phase=2 force
86C set [from-2.2.2.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
87C set [from-2.2.2.0/24-to-7.7.7.0/24]:Configuration=phase2-from-2.2.2.0/24-to-7.7.7.0/24 force
88C set [from-2.2.2.0/24-to-7.7.7.0/24]:Local-ID=from-2.2.2.0/24 force
89C set [from-2.2.2.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
90C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
91C set [phase2-from-2.2.2.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-2.2.2.0/24-to-7.7.7.0/24 force
92C set [phase2-suite-from-2.2.2.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24 force
93C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force
94C set [phase2-protocol-from-2.2.2.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
95C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
96C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
97C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
98C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
99C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
100C set [phase2-transform-from-2.2.2.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
101C set [from-2.2.2.0/24]:ID-type=IPV4_ADDR_SUBNET force
102C set [from-2.2.2.0/24]:Network=2.2.2.0 force
103C set [from-2.2.2.0/24]:Netmask=255.255.255.0 force
104C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
105C set [to-7.7.7.0/24]:Network=7.7.7.0 force
106C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
107C add [Phase 2]:Connections=from-2.2.2.0/24-to-7.7.7.0/24
108C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
109C set [peer-1.1.1.1]:Phase=1 force
110C set [peer-1.1.1.1]:Address=1.1.1.1 force
111C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
112C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
113C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
114C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
115C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
116C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
117C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
118C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
119C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
120C set [from-3.3.3.0/24-to-5.5.5.0/24]:Phase=2 force
121C set [from-3.3.3.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
122C set [from-3.3.3.0/24-to-5.5.5.0/24]:Configuration=phase2-from-3.3.3.0/24-to-5.5.5.0/24 force
123C set [from-3.3.3.0/24-to-5.5.5.0/24]:Local-ID=from-3.3.3.0/24 force
124C set [from-3.3.3.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
125C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
126C set [phase2-from-3.3.3.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-5.5.5.0/24 force
127C set [phase2-suite-from-3.3.3.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24 force
128C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force
129C set [phase2-protocol-from-3.3.3.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
130C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
131C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
132C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
133C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
134C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
135C set [phase2-transform-from-3.3.3.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
136C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
137C set [from-3.3.3.0/24]:Network=3.3.3.0 force
138C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
139C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
140C set [to-5.5.5.0/24]:Network=5.5.5.0 force
141C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
142C add [Phase 2]:Connections=from-3.3.3.0/24-to-5.5.5.0/24
143C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
144C set [peer-1.1.1.1]:Phase=1 force
145C set [peer-1.1.1.1]:Address=1.1.1.1 force
146C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
147C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
148C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
149C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
150C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
151C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
152C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
153C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
154C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
155C set [from-3.3.3.0/24-to-6.6.6.0/24]:Phase=2 force
156C set [from-3.3.3.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
157C set [from-3.3.3.0/24-to-6.6.6.0/24]:Configuration=phase2-from-3.3.3.0/24-to-6.6.6.0/24 force
158C set [from-3.3.3.0/24-to-6.6.6.0/24]:Local-ID=from-3.3.3.0/24 force
159C set [from-3.3.3.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
160C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
161C set [phase2-from-3.3.3.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-6.6.6.0/24 force
162C set [phase2-suite-from-3.3.3.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24 force
163C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force
164C set [phase2-protocol-from-3.3.3.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
165C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
166C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
167C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
168C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
169C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
170C set [phase2-transform-from-3.3.3.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
171C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
172C set [from-3.3.3.0/24]:Network=3.3.3.0 force
173C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
174C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
175C set [to-6.6.6.0/24]:Network=6.6.6.0 force
176C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
177C add [Phase 2]:Connections=from-3.3.3.0/24-to-6.6.6.0/24
178C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
179C set [peer-1.1.1.1]:Phase=1 force
180C set [peer-1.1.1.1]:Address=1.1.1.1 force
181C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
182C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
183C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
184C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
185C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
186C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
187C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
188C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
189C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
190C set [from-3.3.3.0/24-to-7.7.7.0/24]:Phase=2 force
191C set [from-3.3.3.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
192C set [from-3.3.3.0/24-to-7.7.7.0/24]:Configuration=phase2-from-3.3.3.0/24-to-7.7.7.0/24 force
193C set [from-3.3.3.0/24-to-7.7.7.0/24]:Local-ID=from-3.3.3.0/24 force
194C set [from-3.3.3.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
195C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
196C set [phase2-from-3.3.3.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-3.3.3.0/24-to-7.7.7.0/24 force
197C set [phase2-suite-from-3.3.3.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24 force
198C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force
199C set [phase2-protocol-from-3.3.3.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
200C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
201C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
202C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
203C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
204C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
205C set [phase2-transform-from-3.3.3.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
206C set [from-3.3.3.0/24]:ID-type=IPV4_ADDR_SUBNET force
207C set [from-3.3.3.0/24]:Network=3.3.3.0 force
208C set [from-3.3.3.0/24]:Netmask=255.255.255.0 force
209C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
210C set [to-7.7.7.0/24]:Network=7.7.7.0 force
211C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
212C add [Phase 2]:Connections=from-3.3.3.0/24-to-7.7.7.0/24
213C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
214C set [peer-1.1.1.1]:Phase=1 force
215C set [peer-1.1.1.1]:Address=1.1.1.1 force
216C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
217C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
218C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
219C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
220C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
221C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
222C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
223C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
224C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
225C set [from-4.4.4.0/24-to-5.5.5.0/24]:Phase=2 force
226C set [from-4.4.4.0/24-to-5.5.5.0/24]:ISAKMP-peer=peer-1.1.1.1 force
227C set [from-4.4.4.0/24-to-5.5.5.0/24]:Configuration=phase2-from-4.4.4.0/24-to-5.5.5.0/24 force
228C set [from-4.4.4.0/24-to-5.5.5.0/24]:Local-ID=from-4.4.4.0/24 force
229C set [from-4.4.4.0/24-to-5.5.5.0/24]:Remote-ID=to-5.5.5.0/24 force
230C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:EXCHANGE_TYPE=QUICK_MODE force
231C set [phase2-from-4.4.4.0/24-to-5.5.5.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-5.5.5.0/24 force
232C set [phase2-suite-from-4.4.4.0/24-to-5.5.5.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24 force
233C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:PROTOCOL_ID=IPSEC_ESP force
234C set [phase2-protocol-from-4.4.4.0/24-to-5.5.5.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
235C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
236C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
237C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
238C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
239C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
240C set [phase2-transform-from-4.4.4.0/24-to-5.5.5.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
241C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
242C set [from-4.4.4.0/24]:Network=4.4.4.0 force
243C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
244C set [to-5.5.5.0/24]:ID-type=IPV4_ADDR_SUBNET force
245C set [to-5.5.5.0/24]:Network=5.5.5.0 force
246C set [to-5.5.5.0/24]:Netmask=255.255.255.0 force
247C add [Phase 2]:Connections=from-4.4.4.0/24-to-5.5.5.0/24
248C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
249C set [peer-1.1.1.1]:Phase=1 force
250C set [peer-1.1.1.1]:Address=1.1.1.1 force
251C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
252C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
253C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
254C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
255C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
256C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
257C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
258C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
259C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
260C set [from-4.4.4.0/24-to-6.6.6.0/24]:Phase=2 force
261C set [from-4.4.4.0/24-to-6.6.6.0/24]:ISAKMP-peer=peer-1.1.1.1 force
262C set [from-4.4.4.0/24-to-6.6.6.0/24]:Configuration=phase2-from-4.4.4.0/24-to-6.6.6.0/24 force
263C set [from-4.4.4.0/24-to-6.6.6.0/24]:Local-ID=from-4.4.4.0/24 force
264C set [from-4.4.4.0/24-to-6.6.6.0/24]:Remote-ID=to-6.6.6.0/24 force
265C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:EXCHANGE_TYPE=QUICK_MODE force
266C set [phase2-from-4.4.4.0/24-to-6.6.6.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-6.6.6.0/24 force
267C set [phase2-suite-from-4.4.4.0/24-to-6.6.6.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24 force
268C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:PROTOCOL_ID=IPSEC_ESP force
269C set [phase2-protocol-from-4.4.4.0/24-to-6.6.6.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
270C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
271C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
272C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
273C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
274C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
275C set [phase2-transform-from-4.4.4.0/24-to-6.6.6.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
276C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
277C set [from-4.4.4.0/24]:Network=4.4.4.0 force
278C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
279C set [to-6.6.6.0/24]:ID-type=IPV4_ADDR_SUBNET force
280C set [to-6.6.6.0/24]:Network=6.6.6.0 force
281C set [to-6.6.6.0/24]:Netmask=255.255.255.0 force
282C add [Phase 2]:Connections=from-4.4.4.0/24-to-6.6.6.0/24
283C set [Phase 1]:1.1.1.1=peer-1.1.1.1 force
284C set [peer-1.1.1.1]:Phase=1 force
285C set [peer-1.1.1.1]:Address=1.1.1.1 force
286C set [peer-1.1.1.1]:Configuration=phase1-peer-1.1.1.1 force
287C set [phase1-peer-1.1.1.1]:EXCHANGE_TYPE=ID_PROT force
288C add [phase1-peer-1.1.1.1]:Transforms=phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072 force
289C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:AUTHENTICATION_METHOD=RSA_SIG force
290C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:HASH_ALGORITHM=SHA force
291C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:ENCRYPTION_ALGORITHM=AES_CBC force
292C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:KEY_LENGTH=128,128:256 force
293C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:GROUP_DESCRIPTION=MODP_3072 force
294C set [phase1-transform-peer-1.1.1.1-RSA_SIG-SHA-AES128-MODP_3072]:Life=LIFE_MAIN_MODE force
295C set [from-4.4.4.0/24-to-7.7.7.0/24]:Phase=2 force
296C set [from-4.4.4.0/24-to-7.7.7.0/24]:ISAKMP-peer=peer-1.1.1.1 force
297C set [from-4.4.4.0/24-to-7.7.7.0/24]:Configuration=phase2-from-4.4.4.0/24-to-7.7.7.0/24 force
298C set [from-4.4.4.0/24-to-7.7.7.0/24]:Local-ID=from-4.4.4.0/24 force
299C set [from-4.4.4.0/24-to-7.7.7.0/24]:Remote-ID=to-7.7.7.0/24 force
300C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:EXCHANGE_TYPE=QUICK_MODE force
301C set [phase2-from-4.4.4.0/24-to-7.7.7.0/24]:Suites=phase2-suite-from-4.4.4.0/24-to-7.7.7.0/24 force
302C set [phase2-suite-from-4.4.4.0/24-to-7.7.7.0/24]:Protocols=phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24 force
303C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:PROTOCOL_ID=IPSEC_ESP force
304C set [phase2-protocol-from-4.4.4.0/24-to-7.7.7.0/24]:Transforms=phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL force
305C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:TRANSFORM_ID=AES force
306C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:KEY_LENGTH=128,128:256 force
307C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:ENCAPSULATION_MODE=TUNNEL force
308C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:AUTHENTICATION_ALGORITHM=HMAC_SHA2_256 force
309C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:GROUP_DESCRIPTION=MODP_3072 force
310C set [phase2-transform-from-4.4.4.0/24-to-7.7.7.0/24-AES128-SHA2_256-MODP_3072-TUNNEL]:Life=LIFE_QUICK_MODE force
311C set [from-4.4.4.0/24]:ID-type=IPV4_ADDR_SUBNET force
312C set [from-4.4.4.0/24]:Network=4.4.4.0 force
313C set [from-4.4.4.0/24]:Netmask=255.255.255.0 force
314C set [to-7.7.7.0/24]:ID-type=IPV4_ADDR_SUBNET force
315C set [to-7.7.7.0/24]:Network=7.7.7.0 force
316C set [to-7.7.7.0/24]:Netmask=255.255.255.0 force
317C add [Phase 2]:Connections=from-4.4.4.0/24-to-7.7.7.0/24
318