From owner-freebsd-net@FreeBSD.ORG  Wed Apr  2 14:55:20 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5AFE637B401
	for <net@freebsd.org>; Wed,  2 Apr 2003 14:55:20 -0800 (PST)
Received: from brainlink.com (mail.brainlink.com [66.228.0.129])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8F61743F85
	for <net@freebsd.org>; Wed,  2 Apr 2003 14:55:19 -0800 (PST)
	(envelope-from anthonyv@brainlink.com)
Received: from [24.185.4.7] (account anthonyv HELO brainlink.com)
  by brainlink.com (CommuniGate Pro SMTP 3.5.3)
  with ESMTP id 19000206 for net@freebsd.org; Wed, 02 Apr 2003 17:55:18 -0500
Message-ID: <3E8B6A51.6040305@brainlink.com>
Date: Wed, 02 Apr 2003 17:55:13 -0500
From: Anthony Volodkin <anthonyv@brainlink.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
	rv:1.3b) Gecko/20030210
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: net@freebsd.org
References: <86pto6mbxj.fsf@notbsdems.interne.kisoft-services.com>
	<05b901c2f881$67e907f0$52557f42@errno.com> <3E8A1122.5040304@isi.edu>
	<86fzp0riwl.fsf@notbsdems.interne.kisoft-services.com>
	<3E8B0DE1.1030500@isi.edu>
	<86brzorarp.fsf@notbsdems.interne.kisoft-services.com>
In-Reply-To: <86brzorarp.fsf@notbsdems.interne.kisoft-services.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: options FAST_IPSEC & tunnels
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Apr 2003 22:55:20 -0000

Hey

If you are interested, I've just connected to a PIX515 from a 4.7-STABLE 
machine in tunnel mode using racoon.  In my setup I did not use a gif 
tunnel.  There is a doc available here: 
http://klub.chip.pl/nolewajk/work/freebsd/FreeBSD-howto.htm.
that explains the procedure, however it doesnt work exactly as it 
appears. I can send you my PIX/racoon configs if you want.

Anthony Volodkin

Eric Masson wrote:

>>>>>>"Lars" == Lars Eggert <larse@ISI.EDU> writes:
>>>>>>            
>>>>>>
>
>Hello Lars,
>
> Lars> what's a pix?
>
>A firewall appliance from cisco :
>http://www.cisco.com/warp/public/cc/pd/fw/
>
> Lars> But chances are, you will need to control both endpoints for my
> Lars> suggestion to work.
>
>In this case, I don't even know if a pix can use transport mode and gre
>tunnels. I'll dig in the docs asap.
>
><Snip explanations regarding ipip tunnels & ipsec modes>
>
>Thanks for the detailled explanation.
>
>Regards
>
>Eric Masson
>
>  
>