Date: Mon, 18 Apr 2005 09:38:48 -0400
From: "Michael C. Cambria" <mcc@fid4.com>
To: Nickolay Kritsky <Nickolay.Kritsky@astra-sw.com>
Cc: net@freebsd.org
Subject: Re: cisco vpn experience?
Message-ID: <4263B868.5060701@fid4.com>
In-Reply-To: <D86BF562467D944EB435513F725B236A0DB1EE@exchange.stardevelopers4msi.com>
References: <D86BF562467D944EB435513F725B236A0DB1EE@exchange.stardevelopers4msi.com>

Nickolay Kritsky wrote:

> I had an experience of connecting 4.9 to cisco 3600 with
> ESP/3des/Md5 site-to-site IPsec vpn with ISAKMP based on preshared
> key. Software used was racoon and isakmp.

I can second this, though I was using pre 4.9 (4.8?).

The key is to use "site-to-site" vs. the road warrior type
configurations on the 3600. Vendor road warrior setups I've seen tend
to use a (proprietary) client to connect. The client (to simplify) will
do things like set up an SSL/TLS connection for userid/password, send
info for IKE (or just a "pre-shared" key), policy configuration etc. via
that connection and modify the client's default route to send everything
via the IPsec tunnel <g>. Then IPsec/IKE takes over.

The only hard part is getting the admin for the 3600 to cooperate (e.g.
treat my connection as different than everyone else.)

MikeC

--
Michael C. Cambria
email : mcc@fid4.com
VoIP : sip:mcc@mcambria.fid4.com
FWD : sip:63730@fwd.pulver.com