Seiteneigenschaften


Deutsch

Beschreibung:

Das Skript konfiguriert alles, was notwendig ist, um einen IKE-Load-Balancer für eine Zentrale zu konfigurieren (einschließlich DMZ-Netzwerk, VRRP und Route).

Liste der verwendeten Variablen:

VariableBeschreibung




Add-

In

in Code:

/**
 * @param {Config} config
 * @param {Context} context
 * Do not edit this comment or parameter types. Required for code suggestions
*/
exports.main = function (config, context) {



    //
Function to create VRRP Entry
 Required variables:
 
  var addVRRPEntry = function (routerID, routerIP, mainPrio, backupPrio, remoteSite, comment) {
        var table1_2_8_21_2 = config.getTableByOid("1.2.8.21.2");
        var table_1_2_8_21_2_row_1 = table1_2_8_21_2.createNewRow();
        table_1_2_8_21_2_row_1.setByOid(1, routerID);
        table_1_2_8_21_2_row_1.setByOid(2, routerIP);
        table_1_2_8_21_2_row_1.setByOid(3, mainPrio);
        table_1_2_8_21_2_row_1.setByOid(4, backupPrio);
        table_1_2_8_21_2_row_1.setByOid(5, remoteSite);
        table_1_2_8_21_2_row_1.setByOid(6, comment);
        table1_2_8_21_2.addOrMerge(table_1_2_8_21_2_row_1);
    };
    // If Statement to only create VRRP Entry, if device has the variable VRRP_Prio
    if (context.vars.VRRP_PRIO != "") {
        config.setScalarByOid("1.2.8.21.1", "1");
        // Function Call to create a new Entry
        addVRRPEntry("1", "10.10.10.254", context.vars.VRRP_PRIO, "0", "INTERNET", "");
    }
};

Addin als JSON-Datei:

   // VRID          = string
    // VRRP_IP       = string
    // VRRP_PRIO     = string
    // DMZ_IP        = string
    // DMZ_GW        = string
    // LOAD_PASSWORD = string

    if (context.network.isCentralGateway) {

        // /Setup/TCP-IP/Network-list/
        var networkList = config.getTableByOid("1.2.7.30");
        var rowDmz = networkList.createNewRow();
        rowDmz.setByOid("1", "DMZ");                //Network-name
        rowDmz.setByOid("2", context.vars.DMZ_IP);  //IP-Address
        rowDmz.setByOid("3", "255.255.255.0");      //IP-Netmask
        rowDmz.setByOid("4", "1");                  //VLAN-ID
        rowDmz.setByOid("5", "256");                //Interface (257 = LAN-2)
        rowDmz.setByOid("6", "0");                  //Src-check (0 = Loose)
        rowDmz.setByOid("7", "2");                  //Type (2 = DMZ)
        rowDmz.setByOid("8", "0");                  //Rtg-Tag
        rowDmz.setByOid("9", "demilitarized zone"); //Comment
        networkList.addOrMerge(rowDmz);

        // /Setup/IP-Router/IP-Routing-Table/
        var routingTable = config.getTableByOid("1.2.8.2");
        var routeToGw = routingTable.createNewRow();
        routeToGw.setByOid("1", "255.255.255.255");   //IP-Address
        routeToGw.setByOid("2", "0.0.0.0");           //IP-Netmask
        routeToGw.setByOid("8", "0");                 //Rtg-tag
        routeToGw.setByOid("6", "0");                 //Active     (No (1), Yes (0), Semi (2))
        routeToGw.setByOid("3", context.vars.DMZ_GW); //Peer-or-IP
        routeToGw.setByOid("4", "0");                 //Distance
        routeToGw.setByOid("5", "0");                 //Masquerade (No (0), on (1), intranet (2))
        routeToGw.setByOid("7", "");                  //Comment
        routingTable.addOrMerge(routeToGw);

        config.setScalarByOid("1.2.102.12", "DMZ"); //Loopback-Adresse für LMC
        config.setScalarByOid("1.2.8.21.1", "1");   //VRRP Operating
        config.setScalarByOid("1.2.8.21.3", "30");  //VRRP Reconnect-Delay

        // /Setup/IP-Router/VRRP/VRRP-List
        var vrrpList = config.getTableByOid("1.2.8.21.2");
        var vrrpRow = vrrpList.createNewRow();
        vrrpRow.setByOid("1", context.vars.VRID);      //VRID
        vrrpRow.setByOid("2", context.vars.VRRP_IP);   //Virtual IP
        vrrpRow.setByOid("3", context.vars.VRRP_PRIO); //VRRP Prio
        vrrpList.addOrMerge(vrrpRow);

        config.setScalarByOid("1.2.19.50.1", "1"); //VPN Loadbalancer Operating

        // /Setup/VPN/Load-Balancer/Instances
        var lbInstances = config.getTableByOid("1.2.19.50.2");
        var lbInstance = lbInstances.createNewRow();
        lbInstance.setByOid("1", context.vars.VRID);   //VRID
        lbInstance.setByOid("2", context.vars.DMZ_IP); //Redirect-Target
        lbInstance.setByOid("4", "DEFAULT");           //Message-Profile
        lbInstances.addOrMerge(lbInstance);

        // /Setup/VPN/Load-Balancer/Message-Profiles
        var messageProfiles = config.getTableByOid("1.2.19.50.3");
        var profile = messageProfiles.createNewRow();
        profile.setByOid("1", "DEFAULT");                  //Profile-Name
        profile.setByOid("2", "DMZ");                      //Interface
        profile.setByOid("3", "239.255.22.11");            //Address
        profile.setByOid("4", "1987");                     //Port
        profile.setByOid("5", "2000");                     //Interval
        profile.setByOid("6", "3000");                     //Holdtime
        profile.setByOid("7", "5");                        //Replay-Window
        profile.setByOid("8", "15");                       //Max-Time-Skew
        profile.setByOid("9", context.vars.LOAD_PASSWORD); //Secret
        profile.setByOid("10", "3");                       //Cipher (3 = AES-256-CGM)
        profile.setByOid("11", "1");                       //HMAC   (1 = 96-Bits)
        messageProfiles.addOrMerge(profile);
    }
};
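Review bot: Inside the `isCentralGateway` branch, `context.vars.LOAD_PASSWORD` is written straight into the message-profile Secret (`profile.setByOid("9", context.vars.LOAD_PASSWORD)`) without any check that it is set. VRID, VRRP_IP, VRRP_PRIO, DMZ_IP and DMZ_GW are written into their rows the same way, so a device with a missing variable would presumably be rolled out with an empty secret or a blank address. The earlier version visible on this page guarded its write with `context.vars.VRRP_PRIO != ""`; a comparable guard before the first table write would restore that, for example `if (!context.vars.LOAD_PASSWORD || !context.vars.DMZ_IP) { return; }`, or whatever error reporting the add-in runtime offers. The English copy of the add-in further down the page has the same gap.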

Add-in als JSON-Datei:

nameike_load_balancer.json


Englisch

Description:

The script configures everything that is necessary to configure an IKE load balancer for a the head office (including DMZ network, VRRP & route).

...

english

List of used variables:

VariableDescription




Add-in code:

/**


 *

@param

{Config}

config


 *

@param

{Context}

context


 *

Do

not

edit

this

comment

or

parameter

types.

Required

for

code

suggestions


*/


exports.main

=

function

(config,

context)

{



   
// Required variables:

 
  // VRID         
 = string

   
// VRRP_IP     
  = string

   
// VRRP_PRIO
     = string

 
  // DMZ_IP       
 = string

 
  // DMZ_GW       
 = string

 
  // LOAD_PASSWORD = string


    if (context.network.isCentralGateway) {


     
  // /Setup/TCP-IP/Network-list/

        var networkList = config.getTableByOid("1.2.7.30");

     
  var rowDmz = networkList.createNewRow();

     
  rowDmz.setByOid("1", "DMZ");             
   //Network-name

     
  
rowDmz.setByOid("2", context.vars.DMZ_IP); 
 //IP-Address

     
  
rowDmz.setByOid("3", "255.255.255.0");
     
 //IP-Netmask

     
  rowDmz.setByOid("4", "1");               
   //VLAN-ID

     
  rowDmz.setByOid("5", "256");             
   //Interface (257 = LAN-2)

     
  rowDmz.setByOid("6", "0");               
   //Src-check (0 = Loose)

     
  rowDmz.setByOid("7", "2");               
   //Type (2 = DMZ)

     
  rowDmz.setByOid("8", "0");               
   //Rtg-Tag

       
rowDmz.setByOid("9", "demilitarized zone"); //Comment

     
  networkList.addOrMerge(rowDmz);


     
  
// /Setup/IP-Router/IP-Routing-Table/

       
var routingTable = config.getTableByOid("1.2.8.2")
;
;
        var routeToGw = routingTable.createNewRow();

       
routeToGw.setByOid("1", "255.255.255.255"); 
  //IP-Address

     
  routeToGw.setByOid("2", "0.0.0.0");         
  //IP-Netmask

       
routeToGw.setByOid("8", "0");   
              //Rtg-tag

     
  routeToGw.setByOid("6", "0");             
    //Active   
  (No (1), Yes (0), Semi (2))

     
  routeToGw.setByOid("3", context.vars.DMZ_GW); //Peer-or-IP

     
  
routeToGw.setByOid("4", "0")
;
;                 //Distance

     
  routeToGw.setByOid("5", "0");             
    //Masquerade (No (0), on (1), intranet (2))

     
  
routeToGw.setByOid("7", "");         
         //Comment

     
  routingTable.addOrMerge(routeToGw);


     
  
config.setScalarByOid("1.2.102.12", "DMZ"); //Loopback-Adresse für LMC

     
  config.setScalarByOid("1.2.8.21.1", "1"); 
  //VRRP Operating

     
  config.setScalarByOid("1.2.8.21.3", "30"); 
 //VRRP Reconnect-Delay


       
// /Setup/IP-Router/VRRP/VRRP-List

     
  var vrrpList = config.getTableByOid("1.2.8.21.2");

     
  
var vrrpRow = vrrpList.createNewRow();

       
vrrpRow.setByOid("1", context.vars.VRID);     
 //VRID

     
  vrrpRow.setByOid("2", context.vars.VRRP_IP); 
  //Virtual IP

     
  
vrrpRow.setByOid("3", context.vars.VRRP_PRIO); //VRRP Prio

        vrrpList.addOrMerge(vrrpRow);


     
  config.setScalarByOid("1.2.19.50.1", "1"); //VPN Loadbalancer Operating


     
  
// /Setup/VPN/Load-Balancer/Instances

     
  var lbInstances = config.getTableByOid("1.2.19.50.2");

     
  var lbInstance = lbInstances.createNewRow();

     
  
lbInstance.setByOid("1", context.vars.VRID); 
  //VRID

        lbInstance.setByOid("2", context.vars.DMZ_IP); //Redirect-Target

     
  lbInstance.setByOid("4", "DEFAULT");         
  
//Message-Profile

     
  lbInstances.addOrMerge(lbInstance);


     
  // /Setup/VPN/Load-Balancer/Message-Profiles

     
  
var messageProfiles = config.getTableByOid("1.2.19.50.3");

        var profile = messageProfiles.createNewRow();

     
  profile.setByOid("1", "DEFAULT");               
   //Profile-Name

     
  profile.setByOid("2", "DMZ");               
       //Interface

     
  profile.setByOid("3", "239.255.22.11");         
   //Address

     
  profile.setByOid("4", "1987");                   
  //Port

        profile.setByOid("5", "2000");                  
  //Interval

     
  profile.setByOid("6", "3000");                   
  //Holdtime

     
  profile.setByOid("7", "5");                     
   //Replay-Window

     
  profile.setByOid("8", "15");                     
  //Max-Time-Skew

        profile.setByOid("9", context.vars.LOAD_PASSWORD); //Secret

     
  profile.setByOid("10", "3");                   
    //Cipher (3 = AES-256-CGM)

     
  profile.setByOid("11",
"1");
 "1");                       //HMAC 
  (1 = 96-Bits)

       
messageProfiles.addOrMerge(profile);

 
  }

};
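Review bot: Two inline comments disagree with the values they annotate: `rowDmz.setByOid("5", "256")` carries `//Interface (257 = LAN-2)`, and the cipher line is commented `AES-256-CGM`, which presumably means AES-256-GCM. These numeric codes select the interface the DMZ network is bound to and the cipher protecting the load-balancer messages, so each comment should name the value actually written, e.g. `//Interface (256 = <interface name>)` and `//Cipher (3 = AES-256-GCM)`. The German copy of the add-in above has the same two comments.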

Add-in as JSON file:

nameike_load_balancer.json