Tunnels to Cisco through NAT?

Tuc at T-B-O-H.NET ml at t-b-o-h.net
Fri Oct 27 12:53:41 UTC 2006

> On Oct 20, 2006, at 10:42 AM, Tuc at T-B-O-H.NET wrote:
> > 	Is anyone aware of a tunnel between FreeBSD and Cisco that
> > can go through a NAT on the Cisco side?
> If you update the Cisco firmware with the latest IOS+VPN version, you  
> ought to gain proper NAT-T support which will work with most IPSEC/ 
> VPN implementations.  Otherwise, if you only need to implement a  
> single VPN tunnel, you can use something like OpenVPN, which only  
> needs you to forward a single UDP port (1194)...
	Ok, I've :

	1) Updated the IOS to c2500-ik8os-l.122-32
	2) I've installed ipsec-tools on FreeBSD after applying
		the NAT-T patch (freebsd6-natt.diff) to
		5.5-RELEASE-p8 and recompiling.
	3) Set up on FreeBSD :

ifconfig gre0 unplumb
ifconfig gre0 create
ifconfig gre0 netmask 0xffffffff link1 up
ifconfig gre0 tunnel

	4) Set up on Cisco :

interface Tunnel0
 ip address
 tunnel source Ethernet0
 tunnel destination
interface Ethernet0
 ip address


	So now I can ping across the GRE, which is really nice.

	So now the next part is getting IPSEC over it.... And
I'm again stuck. I'm trying to use :


	as a reference, but there seems to be alot more going
on that really confuses me. Has anyone gone this route?

		Thanks, Tuc

More information about the freebsd-questions mailing list