question regarding IPSEC Setup
Eugene Perevyazko
john at dnepro.net
Tue Jul 14 13:56:04 UTC 2009
On Mon, Jul 13, 2009 at 11:09:11AM -0400, rascal wrote:
> So I have a couple of questions regarding a scenario that has recently been
> brought to me. I have two sites, one with a cisco device and one with a
> server running freebsd 7.2. The client wants to connect the two sites using
> these devices and I am told that the best way would be to establish an IPSEC
> tunnel between the cisco device and the freebsd server. The cisco is a
> concentrator 3000 and the server is just a dell poweredge 860 with 4 nics in
> the back running 7.2 freebsd. I guess my two questions are:
>
> 1. Has anyone done this before and what are their results?
I'm using several IPSec tunnels between cisco 851's and freebsd routers.
It "just works".
> 2. Is setting up an IPSEC tunnel the best route for this or is there
> something else I should be looking at?
IPSec is the standard for tunnels over the internet. Cisco VPN requires their proprietary client, OpenVPN is not for ciscos.
> 3. Any tips/tricks/good sites to check on for setting up IPSEC on freebsd
> (I am currently reading
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html which
> is pretty darn good)?
I use IPSec tunnels without gif interface on freebsd, don't know if it will work with it. I declare policy in /etc/ipsec.conf, and use racoon (ports/security/ipsec-tools) to do all the rest. It's pretty simple on cisco side too. Just say if you need an example.
--
Eugene Perevyazko
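
Added example (not part of the original message, and not the poster's configuration): the reply describes declaring tunnel policy in /etc/ipsec.conf without a gif interface. The Python sketch below embeds a constructed pair of such setkey policies and checks that each has a mirrored counterpart, since a policy without its mirror leaves one direction with no IPsec requirement. All addresses, names and the simplified spdadd form it parses are assumptions.

```python
import re

# Constructed sample /etc/ipsec.conf (setkey syntax). Addresses are documentation
# ranges chosen for illustration: 192.0.2.1 = FreeBSD box, 198.51.100.1 = Cisco peer.
SAMPLE_CONF = """
flush;
spdflush;
# LAN behind FreeBSD -> LAN behind the Cisco
spdadd 10.1.0.0/24 10.2.0.0/24 any -P out ipsec esp/tunnel/192.0.2.1-198.51.100.1/require;
# return direction: selectors and tunnel endpoints swapped
spdadd 10.2.0.0/24 10.1.0.0/24 any -P in ipsec esp/tunnel/198.51.100.1-192.0.2.1/require;
"""

SPD_RE = re.compile(
    r"^spdadd\s+(\S+)\s+(\S+)\s+(\S+)\s+-P\s+(in|out)\s+ipsec\s+"
    r"(esp|ah)/tunnel/([^-\s/]+)-([^-\s/]+)/(\w+)\s*;$")

KEYS = ("src", "dst", "upper", "dir", "proto", "tun_src", "tun_dst", "level")

def parse_policies(text):
    """Return tunnel-mode spdadd entries as dicts (handles only this simple form)."""
    policies = []
    for line in text.splitlines():
        m = SPD_RE.match(line.strip())
        if m:
            policies.append(dict(zip(KEYS, m.groups())))
    return policies

def check_policies(text):
    """Return a list of problems; an empty list means every policy is mirrored."""
    pols = parse_policies(text)
    problems = []
    for p in pols:
        # The mirror swaps selectors, tunnel endpoints and direction.
        want = dict(p, src=p["dst"], dst=p["src"], tun_src=p["tun_dst"],
                    tun_dst=p["tun_src"], dir="in" if p["dir"] == "out" else "out")
        if want not in pols:
            problems.append("no mirrored '%s' policy for %s -> %s"
                            % (want["dir"], p["src"], p["dst"]))
        if p["level"] == "use":
            problems.append("%s -> %s: level 'use' lets traffic pass unprotected "
                            "when no SA exists" % (p["src"], p["dst"]))
    return problems

if __name__ == "__main__":
    print(check_policies(SAMPLE_CONF) or "policies are symmetric")
```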
More information about the freebsd-net mailing list