Cisco IOS <-> FreeBSD IPSEC tunnel

Jiri Calda calda at dzungle.ms.mff.cuni.cz
Wed May 25 13:31:10 CEST 2005


Pavel Just wrote:

>    Does anyone have an IPSEC tunnel working between a CISCO router and FreeBSD 4.10?
> My racoon configuration is:

I don't have time to go through it for you; here is a working config, the way it runs for us:

# one "<peer address> <key>" pair per line; keep the file mode 0600
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;

listen {
   isakmp MY_IP;          # local address racoon binds to (UDP 500)
}

remote anonymous
{
   exchange_mode aggressive,main,base;
   doi ipsec_doi;
   #situation identity_only;
   my_identifier address MY_IP;
   nonce_size 16;
   lifetime time 3600 sec; # sec,min,hour  (phase 1 SA lifetime)
   initial_contact on;
   #support_mip6 on;
   proposal_check obey; # obey, strict or claim  (as responder, accept the initiator's lifetime/PFS)

   # phase 1 (ISAKMP) proposal: must agree with the IOS "crypto isakmp policy"
   proposal {
     encryption_algorithm des;                # IOS default "encr des"; DES is weak, prefer 3des/aes
     hash_algorithm sha1;                     # IOS "hash sha"
     authentication_method pre_shared_key ;   # IOS "authentication pre-share"
     dh_group 2 ;                             # IOS "group 2"
   }
}

# phase 2 (IPsec SA) parameters: must agree with the IOS transform-set and "set pfs"
sainfo anonymous
{
   pfs_group 2;                          # IOS "set pfs group2"
   lifetime time 3600 sec;
   encryption_algorithm des,3des ;       # IOS "esp-des" / "esp-3des"
   authentication_algorithm hmac_sha1;   # IOS "esp-sha-hmac"
   compression_algorithm deflate;        # IPCOMP offered together with ESP
}

Cisco:
! phase 1 policy: must agree with the racoon "proposal" block
! (hash md5 pairs with racoon hash_algorithm md5; use "hash sha" for sha1)
crypto isakmp policy 1
  hash md5
  authentication pre-share
  group 2
  lifetime 6000
crypto isakmp key xxx address FREEBSD_IP
crypto isakmp key yyy address CISCO_IP
!
crypto ipsec security-association lifetime seconds 6000
!
! phase 2 transform set: must agree with the racoon "sainfo" block
! (esp-md5-hmac pairs with racoon hmac_md5; esp-sha-hmac with hmac_sha1)
crypto ipsec transform-set MB esp-des esp-md5-hmac
!
crypto map FreeBSDIPSEC-MAP 1 ipsec-isakmp
  description CARPOCR site called MB
  set peer FREEBSD_IP
  set transform-set MB
  set pfs group2
  match address 109
! access-list 109 (not shown here) selects the traffic that goes into the tunnel


Jirka
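The two sides have to agree on every phase 1 parameter (the IOS "crypto isakmp policy" versus the racoon "proposal" block) and every phase 2 parameter (the transform-set and "set pfs" versus the racoon "sainfo" block), and as posted the fragments differ in their hash choice in both phases (sha1 on the racoon side, md5 on the IOS side). The script below is an added example, not part of Jirka's post and not code from racoon or IOS: it parses trimmed copies of the two fragments (constructed sample input with the placeholders kept), translates IOS keywords to racoon spellings with an assumed table that covers only the common values, assumes the classic IOS policy defaults (encr des, hash sha, rsa-sig, group 1) for anything a policy does not set, and reports every parameter the two sides cannot agree on. Lifetimes are deliberately not compared.

```python
"""Cross-check racoon.conf against an IOS crypto config for IKE phase 1/2 agreement."""
import re
# Constructed sample input: the two fragments from the post (placeholders kept).
RACOON_CONF = """
remote anonymous {
   proposal {
     encryption_algorithm des;
     hash_algorithm sha1;
     authentication_method pre_shared_key ;
     dh_group 2 ;
   }
}
sainfo anonymous {
   pfs_group 2;
   encryption_algorithm des,3des ;
   authentication_algorithm hmac_sha1;
}
"""
IOS_CONF = """
crypto isakmp policy 1
  hash md5
  authentication pre-share
  group 2
!
crypto ipsec transform-set MB esp-des esp-md5-hmac
!
crypto map FreeBSDIPSEC-MAP 1 ipsec-isakmp
  set pfs group2
"""
# IOS -> racoon spellings (assumed mapping, common values only; others pass through)
IOS_P1 = {"sha": "sha1", "pre-share": "pre_shared_key", "rsa-sig": "rsasig"}
IOS_P2 = {"esp-des": "des", "esp-3des": "3des", "esp-aes": "aes",
          "esp-md5-hmac": "hmac_md5", "esp-sha-hmac": "hmac_sha1"}
POLICY_KEYS = {"encr": "enc", "encryption": "enc", "hash": "hash",
               "authentication": "auth", "group": "dh"}

def find_block(text, keyword):
    """Body of the first `keyword ... { ... }` block, honouring nested braces."""
    m = re.search(r"\b" + keyword + r"\b[^{;]*\{", text)
    if m is None:
        raise ValueError("no %s block" % keyword)
    depth, start = 0, m.end() - 1
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start + 1:i]
    raise ValueError("unbalanced braces after " + keyword)

def directive(body, name):
    """Value of a `name value ;` racoon directive ('#' starts a comment)."""
    m = re.search(r"^\s*" + name + r"\s+([^;#]+?)\s*;", body, re.M)
    return m.group(1) if m else None

def parse_racoon(text):
    """Phase 1 proposal (first `remote`) and phase 2 parameters (first `sainfo`)."""
    prop = find_block(find_block(text, "remote"), "proposal")
    sa = find_block(text, "sainfo")
    algs = lambda body: set(re.split(r"\s*,\s*", directive(body, "encryption_algorithm")))
    return {"p1": {"enc": algs(prop), "hash": directive(prop, "hash_algorithm"),
                   "auth": directive(prop, "authentication_method"), "dh": directive(prop, "dh_group")},
            "p2": {"enc": algs(sa), "auth": directive(sa, "authentication_algorithm"),
                   "pfs": directive(sa, "pfs_group")}}

def parse_ios(text):
    """ISAKMP policies, ESP transform sets and the crypto map's PFS group."""
    policies, tsets, pfs, cur = {}, {}, None, None
    for line in text.splitlines():
        w = line.split()
        if not w or w[0] == "!":
            continue
        if w[:3] == ["crypto", "isakmp", "policy"]:
            # classic IOS policy defaults (assumed): encr des / hash sha / rsa-sig / group 1
            cur = policies[w[3]] = {"enc": "des", "hash": "sha1", "auth": "rsasig", "dh": "1"}
        elif w[:3] == ["crypto", "ipsec", "transform-set"]:
            cur, ts = None, tsets.setdefault(w[3], {"enc": None, "auth": None})
            for t in filter(None, map(IOS_P2.get, w[4:])):
                ts["auth" if t.startswith("hmac") else "enc"] = t
        elif w[0] == "crypto":
            cur = None                      # any other global crypto line ends a policy
        elif cur and w[0] in POLICY_KEYS and len(w) > 1:
            cur[POLICY_KEYS[w[0]]] = IOS_P1.get(w[1], w[1])
        elif w[:2] == ["set", "pfs"] and len(w) > 2:
            pfs = w[2].replace("group", "")
    return {"policies": policies, "tsets": tsets, "pfs": pfs}

def diff(ios_side, racoon_side, keys):
    """'key ios vs racoon' for each key whose IOS value racoon does not offer."""
    offered = {k: v if isinstance(v, set) else {str(v)} for k, v in racoon_side.items()}
    return ["%s %s vs %s" % (k, ios_side[k], "/".join(sorted(offered[k])))
            for k in keys if ios_side[k] not in offered[k]]

def compare(rc, ios):
    """Mismatches as strings (empty list: both phases can agree).  Lifetimes are not
    compared: IOS takes the shorter one and racoon with proposal_check obey follows the initiator."""
    out = ["phase 1: isakmp policy %s vs racoon proposal: %s" % (n, "; ".join(d))
           for n, pol in ios["policies"].items()
           for d in [diff(pol, rc["p1"], ("enc", "hash", "auth", "dh"))] if d]
    out += ["phase 2: transform-set %s / set pfs vs racoon sainfo: %s" % (n, "; ".join(d))
            for n, ts in ios["tsets"].items()
            for d in [diff(dict(ts, pfs=ios["pfs"]), rc["p2"], ("enc", "auth", "pfs"))] if d]
    return out

def check(racoon_text=RACOON_CONF, ios_text=IOS_CONF):
    return compare(parse_racoon(racoon_text), parse_ios(ios_text))
```

Run against the sample it reports the phase 1 hash mismatch (md5 vs sha1) and the phase 2 ESP authentication mismatch (hmac_md5 vs hmac_sha1); changing the IOS side to "hash sha" and "esp-sha-hmac" (or the racoon side to md5 and hmac_md5) makes the list empty. A missing "set pfs" on the IOS side shows up as "pfs None vs 2", which is the usual cause of a phase 2 that fails only when one particular side initiates.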
