Date:      Fri, 27 Oct 2006 08:53:27 -0400 (EDT)
From:      "Tuc at T-B-O-H.NET" <ml@t-b-o-h.net>
To:        cswiger@mac.com (Chuck Swiger)
Cc:        "Tuc at T-B-O-H.NET" <ml@t-b-o-h.net>, freebsd-questions@freebsd.org
Subject:   Re: Tunnels to Cisco through NAT?
Message-ID:  <200610271253.k9RCrRn2078192@himinbjorg.tucs-beachin-obx-house.com>
In-Reply-To: <691257EF-3060-450B-90DB-E82DE4CEDEB2@mac.com>

> 
> On Oct 20, 2006, at 10:42 AM, Tuc at T-B-O-H.NET wrote:
> > 	Is anyone aware of a tunnel between FreeBSD and Cisco that
> > can go through a NAT on the Cisco side?
> 
> If you update the Cisco firmware with the latest IOS+VPN version, you  
> ought to gain proper NAT-T support which will work with most IPSEC/ 
> VPN implementations.  Otherwise, if you only need to implement a  
> single VPN tunnel, you can use something like OpenVPN, which only  
> needs you to forward a single UDP port (1194)...
> 
	Ok, I've :

	1) Updated the IOS to c2500-ik8os-l.122-32
	2) I've installed ipsec-tools on FreeBSD after applying
		the NAT-T patch (freebsd6-natt.diff) to
		5.5-RELEASE-p8 and recompiling.
	3) Set up on FreeBSD :

ifconfig gre0 unplumb
ifconfig gre0 create
ifconfig gre0 192.168.4.1 192.168.4.2 netmask 0xffffffff link1 up
ifconfig gre0 tunnel 192.136.64.116 69.28.185.2

	4) Set up on Cisco :

interface Tunnel0
 ip address 192.168.4.2 255.255.255.0
 tunnel source Ethernet0
 tunnel destination 192.136.64.116
!         
interface Ethernet0
 ip address 69.28.185.2 255.255.255.240

	

	So now I can ping across the GRE, which is really nice.

	So now the next part is getting IPSEC over it.... And
I'm again stuck. I'm trying to use :

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml

	as a reference, but there seems to be a lot more going
on that really confuses me. Has anyone gone this route?

		Thanks, Tuc


