From: perryh@pluto.rain.com
Date: Tue, 14 Jul 2009 00:30:23 -0700
To: rascal1981@gmail.com
Cc: freebsd-net@freebsd.org
Subject: Re: question regarding IPSEC Setup

rascal wrote:

> ... I have two sites, one with a cisco device and one with a
> server running freebsd 7.2. The client wants to connect the two
> sites using these devices and I am told that the best way would
> be to establish an IPSEC tunnel between the cisco device and the
> freebsd server. The cisco is a concentrator 3000 and the server
> is just a dell poweredge 860 with 4 nics in the back running 7.2
> freebsd. I guess my two questions are:
>
> 1. Has anyone done this before and what are their results?
> 2. Is setting up an IPSEC tunnel the best route for
> this or is there something else I should be looking at?
> 3. Any tips/tricks/good sites to check on for
> setting up IPSEC on freebsd (I am currently reading
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
> which is pretty darn good)?

I am no expert, just a user: my employer uses Cisco VPN for remote
access. Last I knew Cisco had VPN clients available for Windows and
for (some version of) Linux. There's no official FreeBSD client
AFAIK, but ports/security/vpnc seems to work well for the purpose.

I have no idea how the Cisco end is set up, but have gotten the
impression that it may involve some sort of Cisco proprietary
extensions to IPSEC.