Date:      Tue, 21 Jul 2009 23:42:39 -0400
From:      rascal <rascal1981@gmail.com>
To:        rascal <rascal1981@gmail.com>, freebsd-net@freebsd.org
Subject:   Re: question regarding IPSEC Setup
Message-ID:  <3228ef7c0907212042vcc77f7cx1e73fc48ae9e8628@mail.gmail.com>
In-Reply-To: <20090717062218.GL6896@verio.net>
References:  <3228ef7c0907130809n29566514xb2c1f522e1da8a3f@mail.gmail.com> <20090714134131.GA23925@traktor.dnepro.net> <3228ef7c0907140918i5d90dc44q995a4210f2767f9a@mail.gmail.com> <20090715001514.GU6896@verio.net> <3228ef7c0907141843s30df148eu2c6c64acd7748029@mail.gmail.com> <20090715021251.GV6896@verio.net> <3228ef7c0907142001y650892b3w696576647086ba38@mail.gmail.com> <20090717062218.GL6896@verio.net>

Sorry for the delay on replying to this but I have been horribly swamped
with a handful of other fires.  I am coming back to this tomorrow and with a
fresh Cisco device!  So I am hoping to have an update for you all tomorrow
or the next day.  Thanks again David for the fresh Cisco example; I can
already see at least two points of issue that I have made!  I'll get back to
you all soon and thanks again!

On Fri, Jul 17, 2009 at 2:22 AM, David DeSimone <fox@verio.net> wrote:

> rascal <rascal1981@gmail.com> wrote:
> >
> > If I could ask one more favor; what does your Cisco config look like
> > that would match one of these?  I have got mine configured based on
> > someone else's tunnel specs and while I am sure they are comparable I
> > wanted to make sure I wasn't missing anything.
>
> Here's an example config that I sanitized from one of our Cisco routers;
> I think it should work, but it's only an example.  At some point you
> have to adapt these configs to your own situation.  :)
>
>    crypto isakmp policy 1
>     encr aes
>     authentication pre-share
>     group 2
>
>    crypto isakmp key SecretKey!! address 11.22.33.44
>
>    crypto ipsec transform-set AES-SHA1 esp-aes esp-sha-hmac
>
>    crypto map IPSEC local-address GigabitEthernet0/1
>
>    crypto map IPSEC 1 ipsec-isakmp
>     set peer 11.22.33.44
>     set transform-set AES-SHA1
>     match address remote-site
>
>    interface GigabitEthernet0/1
>     ip address 55.66.77.88 255.255.255.224
>     crypto map IPSEC
>
>    ip access-list extended remote-site
>     permit ip 10.20.50.60 0.0.0.255 10.10.30.40 0.0.0.255
>     permit ip 10.20.50.60 0.0.0.255 10.10.30.50 0.0.0.255
>     permit ip 10.20.50.70 0.0.0.255 10.10.30.40 0.0.0.255
>     permit ip 10.20.50.70 0.0.0.255 10.10.30.50 0.0.0.255
>
> --
> David DeSimone == Network Admin == fox@verio.net
>  "I don't like spinach, and I'm glad I don't, because if I
>   liked it I'd eat it, and I just hate it." -- Clarence Darrow
>
>
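
Added example, not part of the original thread: phase 2 only comes up when both peers propose the same traffic selectors, so this sketch turns the crypto ACL quoted above into the mirrored setkey(8) tunnel policies for the far end. It assumes the FreeBSD end is the 11.22.33.44 peer and uses setkey-style SPD entries; note that the four sanitized ACL lines reduce to a single /24-to-/24 pair once the wildcard bits are zeroed.

```python
import ipaddress

# ACL lines copied from the quoted Cisco config above.
CRYPTO_ACL = """\
permit ip 10.20.50.60 0.0.0.255 10.10.30.40 0.0.0.255
permit ip 10.20.50.60 0.0.0.255 10.10.30.50 0.0.0.255
permit ip 10.20.50.70 0.0.0.255 10.10.30.40 0.0.0.255
permit ip 10.20.50.70 0.0.0.255 10.10.30.50 0.0.0.255
"""
CISCO_PEER = "55.66.77.88"    # GigabitEthernet0/1 address in the quoted config
FREEBSD_PEER = "11.22.33.44"  # "set peer" address; assumed to be the FreeBSD end


def wildcard_to_network(addr, wildcard):
    """Convert 'address wildcard' to a CIDR network, zeroing don't-care bits."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # non-zero unless the wildcard is a contiguous run of low bits
        raise ValueError(f"non-contiguous wildcard {wildcard} has no CIDR form")
    netmask = ipaddress.IPv4Address(wc ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)


def parse_acl(text):
    """Return the unique (cisco_source_net, cisco_dest_net) pairs, in order."""
    pairs = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 6 or f[:2] != ["permit", "ip"]:
            continue  # this sketch handles only 'permit ip src wc dst wc'
        pair = (wildcard_to_network(f[2], f[3]), wildcard_to_network(f[4], f[5]))
        if pair not in pairs:
            pairs.append(pair)
    return pairs


def mirrored_spd(pairs, local_gw, remote_gw):
    """Build setkey(8) policies for the far end: source and destination swapped."""
    out = []
    for cisco_src, cisco_dst in pairs:
        out.append(f"spdadd {cisco_dst} {cisco_src} any -P out ipsec "
                   f"esp/tunnel/{local_gw}-{remote_gw}/require;")
        out.append(f"spdadd {cisco_src} {cisco_dst} any -P in ipsec "
                   f"esp/tunnel/{remote_gw}-{local_gw}/require;")
    return out


if __name__ == "__main__":
    print("\n".join(mirrored_spd(parse_acl(CRYPTO_ACL), FREEBSD_PEER, CISCO_PEER)))
```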


