Date: Fri, 25 May 2001 00:46:04 +0000 From: Gunther Schadow <gunther@aurora.regenstrief.org> To: Jeff Kreska <jkreska@kreska.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: KAME and Cisco IPSEC server? Message-ID: <3B0DAB4C.97B920A9@aurora.regenstrief.org> References: <Pine.BSF.4.21.0105231005390.11612-100000@c528925-a.plano1.tx.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Jeff Kreska wrote: > > Any one know if it is possible to connect to CISCo IPSEC server using KAME > or any other FreeBSD IPSEC software. > > I am not even sure how to find out what type of IPSEC the box is > expecting. Then you have to read the CISCO manuals on this. You want to have both the command reference and the intro to IPsec, IKE, and CA. Yes, you can do it and it has been done before. On PIX firewalls you can only do tunnel mode. With IOS IPsec you can do both tunnel and transport. In IOS I think you can do static keys, but they seem to prefer IKE. So use racoon, but my work with racoon wasn't very successful several months ago. Sakane has improved racoon since then though. Upgrade IPsec on FreeBSD to a recent KAME-snap. Chances are you will have problems even with 4.3-RELEASE. You need to tweak the Cisco thing to do what you can do. Go step by step. Start with configured tunnels and static keys. Then add racoon with preshard key. Only then add certificates. Racoon can do certificates, but bugs are to be expected. BTW Cisco's things have bugs too!!!! So if something doesn't work as expected, there can be many reasons. good luck, -Gunther -- Gunther Schadow, M.D., Ph.D. gschadow@regenstrief.org Medical Information Scientist Regenstrief Institute for Health Care Adjunct Assistent Professor Indiana University School of Medicine tel:1(317)630-7960 http://aurora.regenstrief.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B0DAB4C.97B920A9>