From: "David DeSimone"
To: "rascal"
Cc: freebsd-net@freebsd.org
Date: Fri, 17 Jul 2009 01:22:19 -0500
Subject: Re: question regarding IPSEC Setup
Message-ID: <20090717062218.GL6896@verio.net>

rascal wrote:
>
> If I could ask one more favor; what does your cisco config look like
> that would match one of these?  I have got mine configed based on
> someone else's tunnel specs and while I am sure they are comparable I
> wanted to make sure I wasn't missing anything.

Here's an example config that I sanitized from one of our Cisco routers;
I think it should work, but it's only an example.  At some point you
have to adapt these configs to your own situation.  :)

    crypto isakmp policy 1
     encr aes
     authentication pre-share
     group 2
    crypto isakmp key SecretKey!! address 11.22.33.44

    crypto ipsec transform-set AES-SHA1 esp-aes esp-sha-hmac

    crypto map IPSEC local-address GigabitEthernet0/1
    crypto map IPSEC 1 ipsec-isakmp
     set peer 11.22.33.44
     set transform-set AES-SHA1
     match address remote-site

    interface GigabitEthernet0/1
     ip address 55.66.77.88 255.255.255.224
     crypto map IPSEC

    ip access-list extended remote-site
     permit ip 10.20.50.60 0.0.0.255 10.10.30.40 0.0.0.255
     permit ip 10.20.50.60 0.0.0.255 10.10.30.50 0.0.0.255
     permit ip 10.20.50.70 0.0.0.255 10.10.30.40 0.0.0.255
     permit ip 10.20.50.70 0.0.0.255 10.10.30.50 0.0.0.255

-- 
David DeSimone == Network Admin == fox@verio.net
  "I don't like spinach, and I'm glad I don't, because if I
   liked it I'd eat it, and I just hate it." -- Clarence Darrow
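
Added example, not part of the original message and not the poster's code: a Python sketch that normalizes the crypto ACL entries above into the networks they actually match and prints the mirrored policies the other end of the tunnel needs. It assumes the peer at 11.22.33.44 is a FreeBSD host configured with setkey(8) and that ESP tunnel mode is used; the function names are hypothetical.

```python
import ipaddress
import re

# Crypto ACL lines and tunnel endpoints copied from the message (sanitized by its author).
ACL = """\
permit ip 10.20.50.60 0.0.0.255 10.10.30.40 0.0.0.255
permit ip 10.20.50.60 0.0.0.255 10.10.30.50 0.0.0.255
permit ip 10.20.50.70 0.0.0.255 10.10.30.40 0.0.0.255
permit ip 10.20.50.70 0.0.0.255 10.10.30.50 0.0.0.255
"""
CISCO_END = "55.66.77.88"   # "ip address" on GigabitEthernet0/1
PEER_END = "11.22.33.44"    # "set peer" address; assumed to be the FreeBSD side

ENTRY = re.compile(r"^\s*permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def wildcard_to_network(addr, wildcard):
    """Return the network matched by an address plus Cisco wildcard mask."""
    inverse = int(ipaddress.IPv4Address(wildcard))
    if inverse & (inverse + 1):  # wildcard must be 2**k - 1 to map to a prefix
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - inverse.bit_length()}", strict=False)


def selectors(acl_text):
    """Return the distinct (cisco_net, peer_net) pairs the ACL protects."""
    pairs = []
    for line in acl_text.splitlines():
        m = ENTRY.match(line)
        if m:
            pair = (wildcard_to_network(m[1], m[2]), wildcard_to_network(m[3], m[4]))
            if pair not in pairs:
                pairs.append(pair)
    return pairs


def mirrored_spd(pairs, local_end, remote_end):
    """Build setkey(8) policies for the peer: each selector with src/dst swapped."""
    out = []
    for cisco_net, peer_net in pairs:
        out.append(f"spdadd {peer_net} {cisco_net} any -P out ipsec "
                   f"esp/tunnel/{local_end}-{remote_end}/require;")
        out.append(f"spdadd {cisco_net} {peer_net} any -P in ipsec "
                   f"esp/tunnel/{remote_end}-{local_end}/require;")
    return out


if __name__ == "__main__":
    print("\n".join(mirrored_spd(selectors(ACL), PEER_END, CISCO_END)))
```

With the sanitized addresses in the message, all four entries normalize to the single pair 10.20.50.0/24 and 10.10.30.0/24, so the script prints one outbound and one inbound policy.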