Date: Tue, 14 Jul 2009 12:18:19 -0400 From: rascal <rascal1981@gmail.com> To: freebsd-net@freebsd.org Subject: Re: question regarding IPSEC Setup Message-ID: <3228ef7c0907140918i5d90dc44q995a4210f2767f9a@mail.gmail.com> In-Reply-To: <20090714134131.GA23925@traktor.dnepro.net> References: <3228ef7c0907130809n29566514xb2c1f522e1da8a3f@mail.gmail.com> <20090714134131.GA23925@traktor.dnepro.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for the input on this everyone! Eugene, I'll take you up on your offer of examples! I have a good idea of how to do this, I just want to make sure I get it right and if I have some examples to compare to that would be great! Thanks much! On Tue, Jul 14, 2009 at 9:41 AM, Eugene Perevyazko <john@dnepro.net> wrote: > On Mon, Jul 13, 2009 at 11:09:11AM -0400, rascal wrote: > > So I have a couple of questions regarding a scenario that has recently > been > > brought to me. I have two sites, one with a cisco device and one with a > > server running freebsd 7.2. The client wants to connect the two sites > using > > these devices and I am told that the best way would be to establish an > IPSEC > > tunnel between the cisco device and the freebsd server. The cisco is a > > concentrator 3000 and the server is just a dell poweredge 860 with 4 nics > in > > the back running 7.2 freebsd. I guess my two questions are: > > > > 1. Has anyone done this before and what are their results? > > I'm using several IPSec tunnels between cisco 851's and freebsd routers. > It "just works". > > > 2. Is setting up an IPSEC tunnel the best route for this or is there > > something else I should be looking at? > IPSec is the standard for tunnels over internet. Cisco VPN requires their > proprietary client, OpenVPN is not for ciscos. > > > 3. Any tips/tricks/good sites to check on for setting up IPSEC on > freebsd > > (I am currently reading > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.htmlwhich > > is pretty darn good)? > I use IPSec tunnels without gif interface on freebsd, don't know if it will > work with it. I declare policy in /etc/ipsec.conf, and use racoon > (ports/security/ipsec-tools) to do all the rest. It's pretty simple on cisco > side too. Just say if you need an example. > > -- > Eugene Perevyazko > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3228ef7c0907140918i5d90dc44q995a4210f2767f9a>