cisco vpn experience?

Michael C. Cambria mcc at fid4.com
Mon Apr 18 06:38:59 PDT 2005



Nickolay Kritsky wrote:

> I had an experience of connecting 4.9 to cisco 3600 with ESP/3des/Md5 site-to-site IPsec vpn with ISAKMP based on preshared key. Software used was racoon and isakmp.

I can second this, though I was using pre 4.9 (4.8?).  The key is to 
use "site-to-site" vs. the road warrior type configurations on the 3600.

Vendor road warrior setups I've seen tend to use a (proprietary) client 
to connect.  The client (to simplify) will do things like set up a 
SSL/TLS connection for userid/password, send info for IKE (or just a 
"pre-shared" key), policy configuration etc. via that connection and 
modify the client's default route to send everything via the IPsec 
tunnel <g>.  Then IPsec/IKE takes over.

The only hard part is getting the admin for the 3600 to cooperate (e.g. 
treat my connection as different than everyone else.)

MikeC

-- 
Michael C. Cambria

email : mcc at fid4.com
  VoIP : sip:mcc at mcambria.fid4.com
   FWD : sip:63730 at fwd.pulver.com



More information about the freebsd-net mailing list