Re: cisco vpn experience?

From: Michael C. Cambria (mcc_at_fid4.com)
Date: 04/18/05

    Date: Mon, 18 Apr 2005 09:38:48 -0400
    To: Nickolay Kritsky <Nickolay.Kritsky@astra-sw.com>
    
    

    Nickolay Kritsky wrote:

    > I had an experience of connecting 4.9 to cisco 3600 with ESP/3des/Md5 site-to-site IPsec vpn with ISAKMP based on preshared key. Software used was racoon and isakmp.

    I can second this, though I was using pre 4.9 (4.8?). The key is to
    use "site-to-site" vs. the road warrior type configurations on the 3600.

    Vendor road warrior setups I've seen tend to use a (proprietary) client
    to connect. The client (to simplify) will do things like set up a
    SSL/TLS connection for userid/password, send info for IKE (or just a
    "pre-shared" key), policy configuration etc. via that connection and
    modify the client's default route to send everything via the IPsec
    tunnel <g>. Then IPsec/IKE takes over.

    The only hard part is getting the admin for the 3600 to cooperate (e.g.
    treat my connection as different than everyone else.)

    MikeC

    -- 
    Michael C. Cambria
    email : mcc@fid4.com
      VoIP : sip:mcc@mcambria.fid4.com
       FWD : sip:63730@fwd.pulver.com
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
    
