Date: Tue, 14 Jul 2009 16:41:31 +0300
From: Eugene Perevyazko <john@dnepro.net>
To: freebsd-net@freebsd.org
Subject: Re: question regarding IPSEC Setup
Message-ID: <20090714134131.GA23925@traktor.dnepro.net>
In-Reply-To: <3228ef7c0907130809n29566514xb2c1f522e1da8a3f@mail.gmail.com>
References: <3228ef7c0907130809n29566514xb2c1f522e1da8a3f@mail.gmail.com>
On Mon, Jul 13, 2009 at 11:09:11AM -0400, rascal wrote:
> So I have a couple of questions regarding a scenario that has recently been
> brought to me. I have two sites, one with a cisco device and one with a
> server running freebsd 7.2. The client wants to connect the two sites using
> these devices and I am told that the best way would be to establish an IPSEC
> tunnel between the cisco device and the freebsd server. The cisco is a
> concentrator 3000 and the server is just a dell poweredge 860 with 4 nics in
> the back running 7.2 freebsd. I guess my two questions are:
>
> 1. Has anyone done this before and what are their results?

I'm using several IPSec tunnels between cisco 851's and freebsd routers.
It "just works".

> 2. Is setting up an IPSEC tunnel the best route for this or is there
> something else I should be looking at?

IPSec is the standard for tunnels over internet. Cisco VPN requires their
proprietary client, OpenVPN is not for ciscos.

> 3. Any tips/tricks/good sites to check on for setting up IPSEC on freebsd
> (I am currently reading
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html which
> is pretty darn good)?

I use IPSec tunnels without gif interface on freebsd, don't know if it will
work with it. I declare policy in /etc/ipsec.conf, and use racoon
(ports/security/ipsec-tools) to do all the rest.
It's pretty simple on cisco side too. Just say if you need an example.

-- 
Eugene Perevyazko
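
An added illustration of the setup described in the reply above (not part of the original message and not its author's configuration): a constructed setkey-style /etc/ipsec.conf for tunnel mode without a gif interface, with a small Python check that every tunnel policy has a mirrored counterpart and a strict level. The addresses, subnets and function names are assumptions made for this example.

```python
import re

# Constructed sample /etc/ipsec.conf in setkey(8) syntax. All addresses are
# private/documentation ranges chosen for this example, not from the thread.
SAMPLE_CONF = """\
flush;
spdflush;
# FreeBSD LAN 10.1.0.0/24 behind 192.0.2.1, Cisco LAN 10.2.0.0/24 behind 198.51.100.1
spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
spdadd 10.2.0.0/24 10.1.0.0/24 any -P in ipsec esp/tunnel/198.51.100.1-192.0.2.1/require;
"""

# One tunnel-mode spdadd statement: selectors, direction, then proto/mode/gateways/level.
SPDADD = re.compile(
    r"^\s*spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+ipsec\s+"
    r"(esp|ah)/tunnel/([^-\s/]+)-([^/\s]+)/([\w:]+)\s*;", re.M)

def parse_policies(conf):
    """Return the tunnel-mode policies found in setkey-style text as dicts."""
    keys = ("src", "dst", "proto", "dir", "sec", "gw_src", "gw_dst", "level")
    return [dict(zip(keys, m.groups())) for m in SPDADD.finditer(conf)]

def audit(conf):
    """List policies that lack a mirrored counterpart or use a non-strict level."""
    pols = parse_policies(conf)
    seen = {(p["src"], p["dst"], p["dir"], p["gw_src"], p["gw_dst"]) for p in pols}
    problems = []
    for p in pols:
        label = f"{p['src']} -> {p['dst']} ({p['dir']})"
        flipped = "in" if p["dir"] == "out" else "out"
        # The return path must swap both the selectors and the tunnel endpoints.
        if (p["dst"], p["src"], flipped, p["gw_dst"], p["gw_src"]) not in seen:
            problems.append(f"{label}: no mirrored policy")
        # Only require/unique make the kernel insist on an SA for matching traffic.
        if p["level"].split(":")[0] not in ("require", "unique"):
            problems.append(f"{label}: level '{p['level']}' is not require/unique")
    return problems

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "policies look consistent")
```

The policies are loaded with setkey -f /etc/ipsec.conf; racoon then negotiates the security associations those policies call for.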