From: rascal
To: freebsd-net@freebsd.org
Date: Tue, 14 Jul 2009 12:18:19 -0400
Subject: Re: question regarding IPSEC Setup

Thanks for the input on this everyone! Eugene, I'll take you up on your
offer of examples! I have a good idea of how to do this, I just want to
make sure I get it right and if I have some examples to compare to that
would be great! Thanks much!

On Tue, Jul 14, 2009 at 9:41 AM, Eugene Perevyazko wrote:

> On Mon, Jul 13, 2009 at 11:09:11AM -0400, rascal wrote:
> > So I have a couple of questions regarding a scenario that has recently
> > been brought to me. I have two sites, one with a cisco device and one
> > with a server running freebsd 7.2. The client wants to connect the two
> > sites using these devices and I am told that the best way would be to
> > establish an IPSEC tunnel between the cisco device and the freebsd
> > server. The cisco is a concentrator 3000 and the server is just a dell
> > poweredge 860 with 4 nics in the back running 7.2 freebsd. I guess my
> > two questions are:
> >
> > 1. Has anyone done this before and what are their results?
>
> I'm using several IPSec tunnels between cisco 851's and freebsd routers.
> It "just works".
>
> > 2. Is setting up an IPSEC tunnel the best route for this or is there
> > something else I should be looking at?
>
> IPSec is the standard for tunnels over internet. Cisco VPN requires their
> proprietary client, OpenVPN is not for ciscos.
>
> > 3. Any tips/tricks/good sites to check on for setting up IPSEC on
> > freebsd (I am currently reading
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html
> > which is pretty darn good)?
>
> I use IPSec tunnels without gif interface on freebsd, don't know if it
> will work with it. I declare policy in /etc/ipsec.conf, and use racoon
> (ports/security/ipsec-tools) to do all the rest. It's pretty simple on
> cisco side too. Just say if you need an example.
>
> --
> Eugene Perevyazko
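
The setup described in the quoted reply (policy declared in /etc/ipsec.conf, no gif interface, racoon negotiating the keys) could look like the following. This is an added example, not a configuration posted by anyone in the thread; all addresses and subnets are constructed placeholders from documentation ranges.

```conf
# /etc/ipsec.conf -- read by setkey(8); loaded at boot when /etc/rc.conf has
#   ipsec_enable="YES"
#   ipsec_file="/etc/ipsec.conf"
#
# Assumed (constructed) addressing, not taken from the thread:
#   FreeBSD gateway public IP 192.0.2.10,    LAN behind it 10.1.0.0/24
#   Cisco device public IP    198.51.100.20, LAN behind it 10.2.0.0/24

flush;       # drop any security associations (SAD) left from a previous load
spdflush;    # drop any security policies (SPD) left from a previous load

# Outbound: packets from the local LAN to the remote LAN must be wrapped in
# ESP tunnel mode between the two public endpoints. No gif interface is
# involved; the kernel matches on these selectors directly.
spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec
    esp/tunnel/192.0.2.10-198.51.100.20/require;

# Inbound: the mirror image. Packets claiming to come from the remote LAN
# are accepted only if they arrived inside the ESP tunnel.
spdadd 10.2.0.0/24 10.1.0.0/24 any -P in ipsec
    esp/tunnel/198.51.100.20-192.0.2.10/require;

# "require" fails closed: if racoon has not negotiated an SA, matching
# traffic is dropped rather than sent in cleartext ("use" would fall back
# to cleartext). No keys appear in this file; racoon installs the SAs
# after IKE completes.
#
# Checks after loading:
#   setkey -DP    # lists the two policies above
#   setkey -D     # lists the SAs once the first LAN-to-LAN packet has
#                 # triggered negotiation
```

The selectors on the Cisco side have to mirror these two subnets exactly, otherwise phase 2 negotiation will not agree on what traffic the tunnel carries.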