From owner-freebsd-net@FreeBSD.ORG Wed Jul 22 03:42:40 2009
Date: Tue, 21 Jul 2009 23:42:39 -0400
From: rascal
To: rascal, freebsd-net@freebsd.org
Subject: Re: question regarding IPSEC Setup

Sorry for the delay on replying to this but I have been horribly swamped
with a handful of other fires.  I am coming back to this tomorrow and with
a fresh Cisco device!  So I am hoping to have an update for you all
tomorrow or the next day.  Thanks again David for the fresh Cisco example;
I can already see at least two points of issue that I have made!  I'll get
back to you all soon and thanks again!

On Fri, Jul 17, 2009 at 2:22 AM, David DeSimone wrote:

> rascal wrote:
> >
> > If I could ask one more favor; what does your Cisco config look like
> > that would match one of these?  I have got mine configed based on
> > someone else's tunnel specs and while I am sure they are comparable I
> > wanted to make sure I wasn't missing anything.
>
> Here's an example config that I sanitized from one of our Cisco routers;
> I think it should work, but it's only an example.  At some point you
> have to adapt these configs to your own situation.  :)
>
>     crypto isakmp policy 1
>      encr aes
>      authentication pre-share
>      group 2
>
>     crypto isakmp key SecretKey!! address 11.22.33.44
>
>     crypto ipsec transform-set AES-SHA1 esp-aes esp-sha-hmac
>
>     crypto map IPSEC local-address GigabitEthernet0/1
>
>     crypto map IPSEC 1 ipsec-isakmp
>      set peer 11.22.33.44
>      set transform-set AES-SHA1
>      match address remote-site
>
>     interface GigabitEthernet0/1
>      ip address 55.66.77.88 255.255.255.224
>      crypto map IPSEC
>
>     ip access-list extended remote-site
>      permit ip 10.20.50.60 0.0.0.255 10.10.30.40 0.0.0.255
>      permit ip 10.20.50.60 0.0.0.255 10.10.30.50 0.0.0.255
>      permit ip 10.20.50.70 0.0.0.255 10.10.30.40 0.0.0.255
>      permit ip 10.20.50.70 0.0.0.255 10.10.30.50 0.0.0.255
>
> --
> David DeSimone == Network Admin == fox@verio.net
>   "I don't like spinach, and I'm glad I don't, because if I
>    liked it I'd eat it, and I just hate it." -- Clarence Darrow
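
An added example, not part of the original thread or written by either poster: a short script that reads the crypto ACL from the quoted Cisco config and prints the mirrored setkey(8) policy entries the FreeBSD peer would need so that both ends agree on the traffic selectors. It assumes 11.22.33.44 (the "set peer" address) is the FreeBSD gateway and that the networks on the right-hand side of each ACL entry sit behind it; the function names are illustrative.

```python
import ipaddress

# Constructed input: the crypto ACL and peer addresses quoted in the message above.
CISCO_ACL = """\
permit ip 10.20.50.60 0.0.0.255 10.10.30.40 0.0.0.255
permit ip 10.20.50.60 0.0.0.255 10.10.30.50 0.0.0.255
permit ip 10.20.50.70 0.0.0.255 10.10.30.40 0.0.0.255
permit ip 10.20.50.70 0.0.0.255 10.10.30.50 0.0.0.255
"""
CISCO_PEER = "55.66.77.88"    # GigabitEthernet0/1 address on the Cisco
FREEBSD_PEER = "11.22.33.44"  # "set peer" target; assumed to be the FreeBSD box

def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to a CIDR network."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # a contiguous wildcard is 0...01...1 in binary
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    netmask = ipaddress.IPv4Address(wc ^ 0xFFFFFFFF)
    # strict=False clears host bits: 10.20.50.60 0.0.0.255 -> 10.20.50.0/24
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)

def parse_acl(text):
    """Return the distinct (cisco_side_net, freebsd_side_net) selectors, in order."""
    selectors = []
    for line in text.splitlines():
        fields = line.split()
        if fields[:2] != ["permit", "ip"] or len(fields) != 6:
            continue
        pair = (wildcard_to_network(fields[2], fields[3]),
                wildcard_to_network(fields[4], fields[5]))
        if pair not in selectors:
            selectors.append(pair)
    return selectors

def freebsd_spd(selectors, local_gw, remote_gw):
    """Emit setkey(8) policies that mirror the ACL as seen from the FreeBSD side."""
    lines = []
    for cisco_net, bsd_net in selectors:
        lines.append(f"spdadd {bsd_net} {cisco_net} any -P out ipsec "
                     f"esp/tunnel/{local_gw}-{remote_gw}/require;")
        lines.append(f"spdadd {cisco_net} {bsd_net} any -P in ipsec "
                     f"esp/tunnel/{remote_gw}-{local_gw}/require;")
    return lines

if __name__ == "__main__":
    print("\n".join(freebsd_spd(parse_acl(CISCO_ACL), FREEBSD_PEER, CISCO_PEER)))
```

With the sanitized addresses as posted, all four ACL entries reduce to the same pair of /24 networks, so the script prints a single out/in policy pair; with real, distinct subnets it prints one pair per ACL entry.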