/*
	Name:	Pix/ASA Site-to-Site VPN Generator
	Author:	Ryan Reed
	Version:	20090515.1
*/

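/**
 * Build a PIX 6.x or PIX/ASA 7.x site-to-site IPsec VPN configuration from the
 * generator form and show it on the page.
 *
 * Side effects: writes the pre-shared key to the element with id "preShared",
 * writes the generated commands to the element with id "code", and selects
 * the generated text. Both the key and the configuration are shown in clear
 * text, so the page contents should be handled like any other secret.
 *
 * @param {HTMLFormElement} form - Generator form. The controls read are
 *   vpnName, pixVersion, peerIP, interface, aclName, cryptoMapName, polNum,
 *   p1Encrypt, p1Hash, dhGroup, p1Timeout, secret, p2Encrypt, p2Hash,
 *   p2Timeout and pfs.
 * @throws {Error} If a value contains a line break, or if the selected
 *   Phase 2 algorithm or PIX version has no mapping here. Nothing is written
 *   to the page in that case.
 */
function vpnGenerator (form) {
	// Text of the currently selected option of a <select> control.
	function selectedText (select) {
		return select.options[select.selectedIndex].text;
	}

	// Phase 2 option index -> transform-set keyword.
	// esp-des and esp-md5-hmac are emitted because the form offers them;
	// DES and MD5 are obsolete choices for new tunnels.
	var transformSetEncByIndex = ["esp-des", "esp-3des", "esp-aes-256"];
	var transformSetHashByIndex = ["esp-sha-hmac", "esp-md5-hmac"];

	// General
	var vpnName = form.vpnName.value;
	var pixVersion = form.pixVersion.selectedIndex;
	var peerIP = form.peerIP.value;
	// "interface" is a reserved word in strict-mode code and ES modules, so it
	// is only used as a property name here, never as a variable name.
	var ifaceName = form.interface.value;
	var aclName = form.aclName.value;
	var cryptoMapName = form.cryptoMapName.value;
	var polNum = form.polNum.value;

	// Phase 1
	var p1EncryptResult = selectedText(form.p1Encrypt);
	var p1HashResult = selectedText(form.p1Hash);
	var dhGroupResult = selectedText(form.dhGroup);
	var p1Timeout = form.p1Timeout.value;

	// An empty key field means "generate one for me".
	var secret = form.secret.value.length === 0 ? randomKey() : form.secret.value;

	// Phase 2
	var p2Timeout = form.p2Timeout.value;
	var pfsResult = selectedText(form.pfs);
	var transformSetEnc = transformSetEncByIndex[form.p2Encrypt.selectedIndex];
	var transformSetHash = transformSetHashByIndex[form.p2Hash.selectedIndex];

	// An unmapped option would otherwise put the literal text "undefined"
	// into the transform-set line of the generated configuration.
	if (transformSetEnc === undefined) {
		throw new Error("vpnGenerator: no transform-set mapping for the selected Phase 2 encryption");
	}
	if (transformSetHash === undefined) {
		throw new Error("vpnGenerator: no transform-set mapping for the selected Phase 2 hash");
	}

	// The output is line-oriented: every value is one token inside one
	// command. A value carrying a line break would start an extra command
	// line in the generated configuration, so it is rejected up front.
	var fields = [
		["vpnName", vpnName], ["peerIP", peerIP], ["interface", ifaceName],
		["aclName", aclName], ["cryptoMapName", cryptoMapName], ["polNum", polNum],
		["p1Encrypt", p1EncryptResult], ["p1Hash", p1HashResult], ["dhGroup", dhGroupResult],
		["p1Timeout", p1Timeout], ["secret", secret],
		["p2Timeout", p2Timeout], ["pfs", pfsResult]
	];
	for (var i = 0; i < fields.length; i++) {
		if (/[\r\n]/.test(String(fields[i][1]))) {
			throw new Error("vpnGenerator: " + fields[i][0] + " must not contain a line break");
		}
	}

	var config;
	// Pix 6
	if (pixVersion === 0) {
		config =
			"isakmp enable " + ifaceName + " \n" +
			"isakmp key " + secret + " address " + peerIP + " netmask 255.255.255.255 no-xauth\n" +
			"isakmp policy " + polNum + " authentication pre-share\n" +
			"isakmp policy " + polNum + " encryption " + p1EncryptResult + " \n" +
			"isakmp policy " + polNum + " hash " + p1HashResult + " \n" +
			"isakmp policy " + polNum + " " + dhGroupResult + " \n" +
			"isakmp policy " + polNum + " lifetime " + p1Timeout + " \n\n" +
			"crypto ipsec transform-set " + vpnName + " " + transformSetEnc + " " + transformSetHash + " \n" +
			"crypto ipsec security-association lifetime seconds " + p2Timeout + " \n\n" +
			"crypto map " + cryptoMapName + " " + polNum + " ipsec-isakmp \n" +
			"crypto map " + cryptoMapName + " " + polNum + " set peer " + peerIP + " \n" +
			"crypto map " + cryptoMapName + " " + polNum + " match address " + aclName + " \n" +
			"crypto map " + cryptoMapName + " " + polNum + " set transform-set " + vpnName + " \n" +
			"crypto map " + cryptoMapName + " " + polNum + " set pfs " + pfsResult + "\n" +
			"crypto map " + cryptoMapName + " interface " + ifaceName;
	}
	// Pix 7
	else if (pixVersion === 1) {
		// NOTE(review): the same ACL name is used for vpn-filter and for the
		// crypto map match address; confirm one ACL is meant to serve both roles.
		config =
			"crypto isakmp enable " + ifaceName + "\n" +
			"crypto isakmp identity address\n\n" +
			"group-policy " + vpnName + "_policy internal \n" +
			"group-policy " + vpnName + "_policy attributes \n" +
			"  vpn-filter value " + aclName + " \n" +
			"  vpn-idle-timeout none \n" +
			"  exit \n\n" +
			"tunnel-group " + peerIP + " type ipsec-l2l \n" +
			"tunnel-group " + peerIP + " general-attributes \n" +
			"  default-group-policy " + vpnName + "_policy \n" +
			"  exit \n" +
			"tunnel-group " + peerIP + " ipsec-attributes \n" +
			"  pre-shared-key " + secret + "\n" +
			"  exit\n\n" +
			"crypto isakmp policy " + polNum + "\n" +
			"  authentication pre-share \n" +
			"  encryption " + p1EncryptResult + "\n" +
			"  hash " + p1HashResult + "\n" +
			"  " + dhGroupResult + "\n" +
			"  lifetime " + p1Timeout + "\n" +
			"  exit\n\n" +
			"crypto ipsec transform-set " + vpnName + " " + transformSetEnc + " " + transformSetHash + " \n" +
			"crypto map " + cryptoMapName + " " + polNum + " set peer " + peerIP + "\n" +
			"crypto map " + cryptoMapName + " " + polNum + " match address " + aclName + "\n" +
			"crypto map " + cryptoMapName + " " + polNum + " set transform-set " + vpnName + "\n" +
			"crypto map " + cryptoMapName + " " + polNum + " set security-association lifetime seconds " + p2Timeout + "\n" +
			"crypto map " + cryptoMapName + " interface " + ifaceName;
	}
	else {
		// Without this the key field would be refreshed while the code box
		// kept a configuration generated for an earlier key.
		throw new Error("vpnGenerator: unsupported PIX version selection");
	}

	// Write the key and the configuration together so the two always match.
	document.getElementById('preShared').value = secret;
	var codeBox = document.getElementById('code');
	codeBox.value = config;
	codeBox.select();
}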

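/**
 * Generate a random 12-character pre-shared key.
 *
 * The key authenticates the VPN peers, so it is drawn from the platform
 * CSPRNG (crypto.getRandomValues) rather than Math.random(), whose output is
 * not suitable for secrets. Characters are picked by rejection sampling so
 * that every character of the alphabet is equally likely.
 *
 * @returns {string} A 12-character key taken from the alphabet below.
 * @throws {Error} If no cryptographically secure random source is available;
 *   the function refuses to fall back to a weak generator.
 */
function randomKey() {
	// 89 distinct characters. The earlier alphabet listed "T" and "*" twice
	// and left out "Y" and "j", which skewed the distribution.
	// NOTE(review): the alphabet includes characters such as ? and quotes that
	// a device CLI may treat specially when the configuration is pasted
	// interactively - confirm the target accepts them.
	var chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz`~!@#$%^&*()\\-_=+'/\",.<>?[]";
	// 12 characters from 89 symbols is roughly 77 bits; a longer key is
	// preferable where both peers accept it.
	var string_length = 12;

	if (typeof crypto === 'undefined' || typeof crypto.getRandomValues !== 'function') {
		throw new Error("randomKey: no cryptographically secure random source (crypto.getRandomValues) available");
	}

	// Largest multiple of chars.length that fits in a byte. Bytes at or above
	// it are discarded so the modulo below introduces no bias.
	var limit = 256 - (256 % chars.length);
	var buf = new Uint8Array(string_length * 2);
	var randomstring = '';
	while (randomstring.length < string_length) {
		crypto.getRandomValues(buf);
		for (var i = 0; i < buf.length && randomstring.length < string_length; i++) {
			if (buf[i] < limit) {
				randomstring += chars.charAt(buf[i] % chars.length);
			}
		}
	}
	return randomstring;
}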
