Tunnels to Cisco through NAT?
Tuc at T-B-O-H.NET
ml at t-b-o-h.net
Fri Oct 27 12:53:41 UTC 2006
> On Oct 20, 2006, at 10:42 AM, Tuc at T-B-O-H.NET wrote:
> > Is anyone aware of a tunnel between FreeBSD and Cisco that
> > can go through a NAT on the Cisco side?
> If you update the Cisco firmware with the latest IOS+VPN version, you
> ought to gain proper NAT-T support which will work with most IPSEC/
> VPN implementations. Otherwise, if you only need to implement a
> single VPN tunnel, you can use something like OpenVPN, which only
> needs you to forward a single UDP port (1194)...
Ok, I've:
1) Updated the IOS to c2500-ik8os-l.122-32
2) I've installed ipsec-tools on FreeBSD after applying
   the NAT-T patch (freebsd6-natt.diff) to
   5.5-RELEASE-p8 and recompiling.
3) Set up on FreeBSD:
       ifconfig gre0 unplumb
       ifconfig gre0 create
       ifconfig gre0 192.168.4.1 192.168.4.2 netmask 0xffffffff link1 up
       ifconfig gre0 tunnel 126.96.36.199 188.8.131.52
4) Set up on Cisco:
       ip address 192.168.4.2 255.255.255.0
       tunnel source Ethernet0
       tunnel destination 184.108.40.206
       ip address 220.127.116.11 255.255.255.240
So now I can ping across the GRE, which is really nice.
So now the next part is getting IPSEC over it.... And
I'm again stuck. I'm trying to use :
as a reference, but there seems to be a lot more going
on that really confuses me. Has anyone gone this route?
More information about the freebsd-questions