From: Scott M. Nolde (scott_at_smnolde.com)
Date: Tue Sep 10 2002 - 21:20:50 CDT
Mike Tancsa (mike sentex.net) 2002.09.03 10:50:02 +0000:
>
>
> Question: How do I setup an IPSEC ESP Tunnel between a Cisco router and
> FreeBSD
>
> AN Answer:
>
> OK, I have seen a few people ask this question, but I had not found via the
> search engines a sample config on how to setup an IPSEC tunnel between a
> FreeBSD box and Cisco router. We had a customer over the weekend wanting to
> do just this, so I figured I would post the setup here in case anyone else
> wanted to do something like this.
>
<snippage>
Mike,
I appreciate your efforts in documenting this. I have verified 3DES
encryption using a Cisco 1720 router with IOS c1700-k2sy-mz.121-5.T8.bin.
Other IOSs that support 3DES should work similarly.
From racoon's log:
2002-09-10 22:13:16: DEBUG: algorithm.c:509:alg_ipsec_encdef():
encription(3des)
2002-09-10 22:13:16: DEBUG: algorithm.c:552:alg_ipsec_hmacdef():
hmac(hmac_md5)
From the Cisco 1720 log:
04:10:19: IPSEC(initialize_sas): ,
(key eng. msg.) src= 192.168.10.20, dest= 192.168.10.7,
src_proxy= 192.168.10.20/255.255.255.255/0/0 (type=1),
dest_proxy= 192.168.10.7/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-3des esp-md5-hmac ,
lifedur= 300s and 4608000kb,
spi= 0xA7471E6(175403494), conn_id= 2001, keysize= 0, flags= 0x25
04:10:19: IPSEC(create_sa): sa created,
(sa) sa_dest= 192.168.10.7, sa_prot= 50,
sa_spi= 0xA7471E6(175403494),
sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 2001
The changes to the router configuration are minor, as you change esp-des to
esp-3des. racoon.conf is changed by using 3des instead of des in the
sainfo section.
-- Scott Nolde GPG Key 0xD869AB48
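
The check made by eye in the message above (both ends reporting 3DES with HMAC-MD5 for the same SA) can be scripted. This is an added example, not part of the original post; the function names are hypothetical and the sample input is the two log excerpts quoted above with the e-mail line wraps rejoined.

```python
import re

# Log excerpts copied from the message above, e-mail line wraps rejoined.
RACOON_LOG = """\
2002-09-10 22:13:16: DEBUG: algorithm.c:509:alg_ipsec_encdef(): encription(3des)
2002-09-10 22:13:16: DEBUG: algorithm.c:552:alg_ipsec_hmacdef(): hmac(hmac_md5)
"""
CISCO_LOG = """\
04:10:19: IPSEC(create_sa): sa created,
  (sa) sa_dest= 192.168.10.7, sa_prot= 50,
    sa_spi= 0xA7471E6(175403494),
    sa_trans= esp-3des esp-md5-hmac , sa_conn_id= 2001
"""

def racoon_algs(log):
    """Return (cipher, hmac) from racoon's alg_ipsec_encdef/hmacdef debug lines."""
    # The quoted racoon output spells the word "encription"; match it as logged.
    enc = re.search(r"alg_ipsec_encdef\(\):\s*encription\((\w+)\)", log)
    mac = re.search(r"alg_ipsec_hmacdef\(\):\s*hmac\(hmac_(\w+)\)", log)
    return (enc.group(1) if enc else None, mac.group(1) if mac else None)

def cisco_algs(log):
    """Return (cipher, hmac, spi) from an IOS IPSEC(create_sa) debug record."""
    trans = re.search(r"sa_trans=\s*esp-(\w+)\s+esp-(\w+)-hmac", log)
    spi = re.search(r"sa_spi=\s*(0x[0-9A-Fa-f]+)\((\d+)\)", log)
    if not trans or not spi:
        return (None, None, None)
    # Hex and decimal renderings of the SPI must agree, or the record is damaged.
    if int(spi.group(1), 16) != int(spi.group(2)):
        raise ValueError("SPI hex/decimal mismatch in Cisco log")
    return (trans.group(1), trans.group(2), int(spi.group(2)))

def peers_agree(racoon_log, cisco_log, want_cipher="3des"):
    """True only if both ends report the same cipher and HMAC, and the
    cipher is the intended one (a tunnel still on des returns False)."""
    r_enc, r_mac = racoon_algs(racoon_log)
    c_enc, c_mac, _ = cisco_algs(cisco_log)
    if None in (r_enc, r_mac, c_enc, c_mac):
        return False  # incomplete logs are treated as unverified
    return (r_enc, r_mac) == (c_enc, c_mac) and r_enc == want_cipher

if __name__ == "__main__":
    print(racoon_algs(RACOON_LOG), cisco_algs(CISCO_LOG))
    print("3DES negotiated on both ends:", peers_agree(RACOON_LOG, CISCO_LOG))
```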