update thold_data a , graph_templates_graph b
SET a.name=b.title_cache
where a.graph_id=b.local_graph_id
https://github.com/Cacti/plugin_thold/releases
- ipsec vpn
confidential - encryption - symmectric RC4 DES 3DES AES blowfish , asymmectric public key RSA DH ( groups 12514 )
integrity - hash MD5 SHA1 SHA2 ( sender data+hash, receiver data+hash = hash )
authentication - HMAC ( hashed mess authen code ) Diffie-Hellman algorithm ( DH groups 125 )
Step1 established IKE (500/UDP)- phase 1 : proposals (encrypt,hash,authen,DH groups)- policy (main/aggressive, preshared key)- gateway (IP,interface) - phase 2 : quick mode - proposal ( ESP/AH , hmac ) - policy (PFS reasign DH groups) - vpn ( tunnel/transport mode)
Step 2 : process traffic - transport mode ( insert ipsec header before payload ) vs tunnel mode ( new header packed the original + trail ) ; AH (51,intefrity,authen,antireplay) vs ESP (50 , integrity,authen,antireplay,confidential )
==============================
Phase 1
+ proposal : auth-algo (md5,sha1/256) auth-method ( preshared / DSARSA key) encrypt-algo (DES,3DES,AES) dh-group (12514) lifetime ( 180s - 1day)
+ policy : proposal ( F1_PRO ) preshared-key (”pass123″)/certificate(DSARSA) mode (main/aggresive)
+ gateway : policy ( F1_POL) address (remote_ip) external interface (ge-0/0/0)
Phase 2
+ proposal : authen-algo (HMAC-md5/sha1256) encrypt (DES,3DES,AES) lifetime, protocol (ESP/AH)
+ policy : proposal (F2_PRO) PFS key (group12514)
+ vpn : bind-interface (st0.1) establishedtunnel ( immediate ) ike gateway (F1_GW) ike ipsec-pol (F2_POL)
update thold_data a , graph_templates_graph b
SET a.name=b.title_cache
where a.graph_id=b.local_graph_id
https://github.com/Cacti/plugin_thold/releases