From: "Michael C. Cambria" <mcc@fid4.com>
Date: Mon, 18 Apr 2005 09:38:48 -0400
To: Nickolay Kritsky
cc: Julian Elischer, net@freebsd.org
Subject: Re: cisco vpn experience?
Message-ID: <4263B868.5060701@fid4.com>
List-Id: Networking and TCP/IP with FreeBSD

Nickolay Kritsky wrote:
> I had an experience of connecting 4.9 to cisco 3600 with ESP/3des/Md5 site-to-site IPsec vpn with ISAKMP based on preshared key. Software used was racoon and isakmp.

I can second this, though I was using pre-4.9 (4.8?). The key is to use "site-to-site" vs. the road warrior type configurations on the 3600.

Vendor road warrior setups I've seen tend to use a (proprietary) client to connect. The client (to simplify) will do things like set up an SSL/TLS connection for userid/password, send info for IKE (or just a "pre-shared" key), policy configuration etc. via that connection, and modify the client's default route to send everything via the IPsec tunnel. Then IPsec/IKE takes over.

The only hard part is getting the admin for the 3600 to cooperate (e.g. treat my connection as different than everyone else.)

MikeC
-- 
Michael C. Cambria
email : mcc@fid4.com
VoIP : sip:mcc@mcambria.fid4.com
FWD : sip:63730@fwd.pulver.com
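For readers following the thread, the FreeBSD side of the site-to-site setup described above (racoon with a pre-shared key, ESP with 3DES and MD5, tunnel mode) looks roughly like this. This is an added illustration, not configuration posted by either author; the addresses (198.51.100.2 for the FreeBSD gateway, 192.0.2.1 for the Cisco 3600, 10.0.0.0/24 and 10.1.0.0/24 for the two protected networks) are made up, and the algorithm choices simply mirror what the thread reports working in 2005.

```conf
# /usr/local/etc/racoon/racoon.conf  (FreeBSD gateway, constructed example)
path pre_shared_key "/usr/local/etc/racoon/psk.txt";   # mode 0600; one line: "192.0.2.1 <secret>"

# Phase 1 (ISAKMP) with the Cisco 3600 peer. Main mode plus address identifiers
# is what a router-to-router ("site-to-site") crypto map expects; aggressive mode
# is what road-warrior client profiles usually negotiate instead.
remote 192.0.2.1 {
        exchange_mode main;
        my_identifier address;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

# Phase 2 (IPsec SA) for the two protected networks. The Cisco side must offer
# a transform set with the same ESP algorithms and PFS group, or phase 2 fails
# even though phase 1 succeeded.
sainfo address 10.0.0.0/24 any address 10.1.0.0/24 any {
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}

# Kernel security policy, loaded with setkey(8): only traffic between the two
# networks is tunneled; everything else keeps its normal route, which is the
# practical difference from the client-driven default-route rewrite described
# in the message.
#   spdadd 10.0.0.0/24 10.1.0.0/24 any -P out ipsec esp/tunnel/198.51.100.2-192.0.2.1/require;
#   spdadd 10.1.0.0/24 10.0.0.0/24 any -P in  ipsec esp/tunnel/192.0.2.1-198.51.100.2/require;
```

3DES and MD5 are reproduced here because they are the parameters the thread reports; a deployment today would negotiate AES and SHA-2 with the peer and keep the pre-shared key file readable only by root.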