Cisco IOS <-> FreeBSD IPSEC tunnel
Pavel Just
Pavel.Just at ais.cz
Tue May 24 09:00:05 CEST 2005
Hello.
Does anyone have a working IPSEC tunnel between a CISCO router and FreeBSD 4.10?
My racoon configuration is:
remote anonymous
{
    #exchange_mode main,aggressive;
    exchange_mode main,base,aggressive;
    doi ipsec_doi;
    situation identity_only;
    # passive on;
    support_proxy on;
    nonce_size 16;
    lifetime time 1 min; # sec,min,hour
    initial_contact on;
    # support_mip6 on;
    proposal_check obey; # obey, strict or claim
    #very important. We need 3DES for encryption and MD5 as checksum
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
}
We have exchanged the pre-shared key. The setkey configuration looks like this:
setkey -c << EOF
spdadd 111.1.81.11/32 222.65.218.22/32 any -P in ipsec
esp/tunnel/192.168.41.2-192.168.41.1/require;
spdadd 222.65.218.22/32 111.1.81.11/32 any -P out ipsec
esp/tunnel/192.168.41.1-192.168.41.2/require;
EOF
The Cisco configuration:
> crypto isakmp policy 10
> encr 3des
> hash md5
> authentication pre-share
> !
> !
> crypto ipsec transform-set myset esp-3des
> !
> crypto map mymap 10 ipsec-isakmp
> set peer 222.65.218.22
> set transform-set myset
> match address 106
>
> ......
> access-list 106 permit ip host 111.1.81.11 host 222.65.218.22
> access-list 106 permit tcp host 111.1.81.11 host 222.65.218.22
>
Not even phase 1 completes for me.
Pavel Just
--
More information about the Users-l mailing list
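Added example, not part of the original post: a small Python checker that compares a racoon phase-1 proposal against an IOS "crypto isakmp policy", filling in the IOS defaults for attributes the policy does not set explicitly (the default table is an assumption taken from IOS documentation, not from the post). The two sample configs are constructed to mirror the ones above, so the only attribute the checker reports is the DH group, which racoon sets to 2 while the IOS policy leaves it at its default.

```python
import re

# IOS applies these to any isakmp policy attribute not set explicitly
# (assumption based on IOS documentation; the post does not state them).
IOS_ISAKMP_DEFAULTS = {"encr": "des", "hash": "sha", "authentication": "rsa-sig", "group": "1"}

# racoon and IOS spell the same phase-1 attributes differently; map both to one vocabulary.
RACOON_TO_COMMON = {"encryption_algorithm": "encr", "hash_algorithm": "hash",
                    "authentication_method": "authentication", "dh_group": "group"}
VALUE_ALIASES = {"pre_shared_key": "pre-share", "sha1": "sha"}

# Constructed sample inputs mirroring the configs in the post.
RACOON_SAMPLE = """remote anonymous
{
    exchange_mode main,base,aggressive;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm md5;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
}
"""
IOS_SAMPLE = """crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
!
crypto ipsec transform-set myset esp-3des
"""

def parse_racoon_proposal(text):
    """Return the phase-1 attributes of the first 'proposal { ... }' block."""
    body = re.search(r"proposal\s*\{(.*?)\}", text, re.S).group(1)
    attrs = {}
    for line in body.splitlines():
        line = line.split("#", 1)[0].strip().rstrip(";").strip()  # drop comments, ';'
        if line:
            key, value = line.split(None, 1)
            attrs[RACOON_TO_COMMON[key]] = VALUE_ALIASES.get(value.strip(), value.strip())
    return attrs

def parse_ios_isakmp_policy(text):
    """Return the attributes of the first isakmp policy, defaults applied for unset ones."""
    attrs, in_policy = dict(IOS_ISAKMP_DEFAULTS), False
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()        # also tolerates '>'-quoted mail text
        if line.startswith("crypto isakmp policy"):
            in_policy = True
            continue
        if in_policy:
            if not line or line.startswith("!") or line.startswith("crypto"):
                break                          # '!' or next section ends the policy
            key, value = line.split(None, 1)
            attrs[key] = value.strip()
    return attrs

def phase1_mismatches(racoon_text, ios_text):
    """Map attribute -> (racoon value, IOS value) for every attribute that differs."""
    r, c = parse_racoon_proposal(racoon_text), parse_ios_isakmp_policy(ios_text)
    return {k: (r[k], c[k]) for k in r if r[k] != c[k]}
```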