Cisco IOS <-> FreeBSD IPSEC tunnel
Jiri Calda
calda at dzungle.ms.mff.cuni.cz
Wed May 25 13:31:10 CEST 2005
Pavel Just wrote:
> Does anyone have a working IPSEC tunnel between a CISCO router and FreeBSD 4.10?
> My racoon configuration is:
I don't have time to go through it for you; here is a working config, the way it runs for us:
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
listen {
    isakmp MOJE IP;
}
remote anonymous
{
    exchange_mode aggressive,main,base;
    doi ipsec_doi;
    #situation identity_only;
    my_identifier address MOJE IP;
    nonce_size 16;
    lifetime time 3600 sec; # sec,min,hour
    initial_contact on;
    #support_mip6 on;
    proposal_check obey; # obey, strict or claim
    proposal {
        encryption_algorithm des;
        hash_algorithm sha1;
        authentication_method pre_shared_key ;
        dh_group 2 ;
    }
}
sainfo anonymous
{
    pfs_group 2;
    lifetime time 3600 sec;
    encryption_algorithm des,3des ;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
Cisco:
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
 lifetime 6000
crypto isakmp key xxx address IP FREEBSD
crypto isakmp key yyy address IP CISCA
!
crypto ipsec security-association lifetime seconds 6000
!
crypto ipsec transform-set MB esp-des esp-md5-hmac
!
crypto map FreeBSDIPSEC-MAP 1 ipsec-isakmp
 description CARPOCR site called MB
 set peer IP FREEBSD
 set transform-set MB
 set pfs group2
 match address 109
Jirka
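
Added example, not part of the original message: a Python check that pulls the phase 1 and phase 2 algorithms out of a racoon.conf and a Cisco IOS config laid out like the two above, then reports parameters with no common value between the ends and algorithms now considered weak. The function names, the trimmed sample strings and the IOS defaults used for omitted policy lines are assumptions of this example.

```python
import re

# Constructed sample input: the crypto-relevant lines of the two configs in the post.
RACOON = """remote anonymous { proposal {
  encryption_algorithm des; hash_algorithm sha1; dh_group 2; } }
sainfo anonymous { pfs_group 2; encryption_algorithm des,3des;
  authentication_algorithm hmac_sha1; }"""
CISCO = """crypto isakmp policy 1
 hash md5
 group 2
crypto ipsec transform-set MB esp-des esp-md5-hmac
crypto map FreeBSDIPSEC-MAP 1 ipsec-isakmp
 set pfs group2"""
WEAK = {"des", "md5"}  # no longer considered adequate for new deployments

def vals(pattern, text, default=""):
    """Return the matched value as a set of normalised algorithm names."""
    m = re.search(pattern, text, re.M)
    names = re.split(r"[,\s]+", (m.group(1) if m else default).lower())
    return {n.replace("hmac_", "").replace("sha1", "sha") for n in names if n}

def racoon_params(conf):
    remote, _, sainfo = conf.partition("sainfo")  # phase 1 before, phase 2 after
    return {"p1_enc": vals(r"encryption_algorithm\s+([\w,]+)", remote),
            "p1_hash": vals(r"hash_algorithm\s+(\w+)", remote),
            "p1_dh": vals(r"dh_group\s+(\w+)", remote),
            "p2_enc": vals(r"encryption_algorithm\s+([\w,]+)", sainfo),
            "p2_auth": vals(r"authentication_algorithm\s+([\w,]+)", sainfo),
            "p2_pfs": vals(r"pfs_group\s+(\w+)", sainfo)}

def cisco_params(conf):
    ts = re.search(r"transform-set \S+ (.+)$", conf, re.M)
    tokens = [t[4:] for t in ts.group(1).split()] if ts else []  # drop "esp-"
    return {"p1_enc": vals(r"^\s*encr\w*\s+(\S+)", conf, "des"),  # assumed IOS default
            "p1_hash": vals(r"^\s*hash\s+(\w+)", conf, "sha"),    # assumed IOS default
            "p1_dh": vals(r"^\s*group\s+(\d+)", conf, "1"),       # assumed IOS default
            "p2_enc": {t for t in tokens if not t.endswith("-hmac")},
            "p2_auth": {t[:-5] for t in tokens if t.endswith("-hmac")},
            "p2_pfs": vals(r"set pfs group(\d+)", conf)}

def audit(racoon, cisco):
    """Return (parameters with no common value, weak algorithms either end accepts)."""
    a, b = racoon_params(racoon), cisco_params(cisco)
    mismatched = sorted(k for k in a if not a[k] & b[k])
    weak = sorted(WEAK & set().union(*a.values(), *b.values()))
    return mismatched, weak

if __name__ == "__main__":
    print(audit(RACOON, CISCO))
```

On the lines as posted, the check reports the phase 1 hash and the phase 2 authentication algorithm as having no common value (sha1 on the racoon side, md5 on the Cisco side) and flags DES and MD5.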