From owner-freebsd-security Thu Jan 10 4:46: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from snow.fingers.co.za (snow.fingers.co.za [196.7.148.5]) by hub.freebsd.org (Postfix) with ESMTP id 6140F37B404 for ; Thu, 10 Jan 2002 04:45:59 -0800 (PST) Received: by snow.fingers.co.za (Postfix, from userid 1000) id 71CB617425; Thu, 10 Jan 2002 14:45:52 +0200 (SAST) Received: from localhost (localhost [127.0.0.1]) by snow.fingers.co.za (Postfix) with ESMTP id 68FBA11713; Thu, 10 Jan 2002 14:45:52 +0200 (SAST) Date: Thu, 10 Jan 2002 14:45:52 +0200 (SAST) From: fingers To: Veaceslav Revutchi Cc: Subject: Re: freebsd ipsec gateway and cisco vpn client for windows In-Reply-To: <20020110142841.A57473@zeus.dnt.md> Message-ID: <20020110144116.S91283-100000@snow.fingers.co.za> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi there > I need to find a way for our mobile users to access our intranet > services which are behind the firewall. the gateway to intranet > is a freebsd box with IPsec. I was wondering if I could use the > cisco vpn client for windows to set up a tunnel between the windows > mobile users and the freebsd gateway. just let me know if someone > has done this so that i know i am moving into the right direction. I don't think you can terminate the ipsec session on something that doesn't understand 'vpngroup' type settings. I looked into this briefly. From my (very brief) understanding of the cisco vpnclient stuff, you need a device on the other end that speaks "cisco vpn" to the clients, like a pix, router, IDS or vpn concentrator. If you do manage to do this, I'd be keen to see how :-) Regards --Rob To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message