Date:      Fri, 25 May 2001 00:46:04 +0000
From:      Gunther Schadow <gunther@aurora.regenstrief.org>
To:        Jeff Kreska <jkreska@kreska.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: KAME and Cisco IPSEC server?
Message-ID:  <3B0DAB4C.97B920A9@aurora.regenstrief.org>
References:  <Pine.BSF.4.21.0105231005390.11612-100000@c528925-a.plano1.tx.home.com>

Jeff Kreska wrote:
> 
> Anyone know if it is possible to connect to Cisco IPSEC server using KAME
> or any other FreeBSD IPSEC software.
> 
> I am not even sure how to find out what type of IPSEC the box is
> expecting.

Then you have to read the Cisco manuals on this. You want to
have both the command reference and the intro to IPsec, IKE,
and CA. Yes, you can do it and it has been done before. On PIX 
firewalls you can only do tunnel mode. With IOS IPsec you can do 
both tunnel and transport. In IOS I think you can do static keys, 
but they seem to prefer IKE. So use racoon, but my work with racoon 
wasn't very successful several months ago. Sakane has improved racoon 
since then though.

Upgrade IPsec on FreeBSD to a recent KAME-snap. Chances are 
you will have problems even with 4.3-RELEASE.

You need to tweak the Cisco thing to do what you can do. Go 
step by step. Start with configured tunnels and static keys.
Then add racoon with preshared key. Only then add certificates.
Racoon can do certificates, but bugs are to be expected. BTW
Cisco's things have bugs too!!!! So if something doesn't work
as expected, there can be many reasons.

good luck,
-Gunther

-- 
Gunther Schadow, M.D., Ph.D.                    gschadow@regenstrief.org
Medical Information Scientist      Regenstrief Institute for Health Care
Adjunct Assistant Professor        Indiana University School of Medicine
tel:1(317)630-7960                         http://aurora.regenstrief.org
