Tunnels to Cisco through NAT?
Tuc at T-B-O-H.NET
ml at t-b-o-h.net
Fri Oct 27 12:53:41 UTC 2006
>
> On Oct 20, 2006, at 10:42 AM, Tuc at T-B-O-H.NET wrote:
> > Is anyone aware of a tunnel between FreeBSD and Cisco that
> > can go through a NAT on the Cisco side?
>
> If you update the Cisco firmware with the latest IOS+VPN version, you
> ought to gain proper NAT-T support which will work with most IPSEC/
> VPN implementations. Otherwise, if you only need to implement a
> single VPN tunnel, you can use something like OpenVPN, which only
> needs you to forward a single UDP port (1194)...
>
Ok, I've :
1) Updated the IOS to c2500-ik8os-l.122-32
2) I've installed ipsec-tools on FreeBSD after applying
the NAT-T patch (freebsd6-natt.diff) to
5.5-RELEASE-p8 and recompiling.
3) Set up on FreeBSD :
ifconfig gre0 unplumb
ifconfig gre0 create
ifconfig gre0 192.168.4.1 192.168.4.2 netmask 0xffffffff link1 up
ifconfig gre0 tunnel 192.136.64.116 69.28.185.2
4) Set up on Cisco :
interface Tunnel0
ip address 192.168.4.2 255.255.255.0
tunnel source Ethernet0
tunnel destination 192.136.64.116
!
interface Ethernet0
ip address 69.28.185.2 255.255.255.240
So now I can ping across the GRE, which is really nice.
So now the next part is getting IPSEC over it.... And
I'm again stuck. I'm trying to use :
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml
as a reference, but there seems to be alot more going
on that really confuses me. Has anyone gone this route?
Thanks, Tuc
More information about the freebsd-questions
mailing list