question regarding IPSEC Setup

rascal rascal1981 at gmail.com
Wed Jul 22 03:42:40 UTC 2009 

Sorry for the delay on replying to this but I have been horribly swamped
with a handful of other fires.  I am coming back to this tomorrow and with a
fresh cisco device!  So I am hoping to have an update for you all tomorrow
or the next day.  Thanks again David for the fresh cisco example; I can
already see at least to points of issue that I have made!  I'll get back to
you all soon and thanks again!

On Fri, Jul 17, 2009 at 2:22 AM, David DeSimone <fox at verio.net> wrote:

> rascal <rascal1981 at gmail.com> wrote:
> >
> > If I could ask one more favor; what does your cisco config look like
> > that would match one of these?  I have got mine configed based on
> > someone else's tunnel specs and while I am sure they are comparable I
> > wanted to make sure I wasn't missing anything.
>
> Here's an example config that I sanitized from one of our Cisco routers;
> I think it should work, but it's only an example.  At some point you
> have to adapt these configs to your own situation.  :)
>
>    crypto isakmp policy 1
>     encr aes
>     authentication pre-share
>     group 2
>
>    crypto isakmp key SecretKey!! address 11.22.33.44
>
>    crypto ipsec transform-set AES-SHA1 esp-aes esp-sha-hmac
>
>    crypto map IPSEC local-address GigabitEthernet0/1
>
>    crypto map IPSEC 1 ipsec-isakmp
>     set peer 11.22.33.44
>     set transform-set AES-SHA1
>     match address remote-site
>
>    interface GigabitEthernet0/1
>     ip address 55.66.77.88 255.255.255.224
>     crypto map IPSEC
>
>    ip access-list extended remote-site
>     permit ip 10.20.50.60 0.0.0.255 10.10.30.40 0.0.0.255
>     permit ip 10.20.50.60 0.0.0.255 10.10.30.50 0.0.0.255
>     permit ip 10.20.50.70 0.0.0.255 10.10.30.40 0.0.0.255
>     permit ip 10.20.50.70 0.0.0.255 10.10.30.50 0.0.0.255
>
> --
> David DeSimone == Network Admin == fox at verio.net
>  "I don't like spinach, and I'm glad I don't, because if I
>   liked it I'd eat it, and I just hate it." -- Clarence Darrow
>
>
> This email message is intended for the use of the person to whom it has
> been sent, and may contain information that is confidential or legally
> protected. If you are not the intended recipient or have received this
> message in error, you are not authorized to copy, distribute, or otherwise
> use this message or its attachments. Please notify the sender immediately by
> return e-mail and permanently delete this message and any attachments.
> Verio, Inc. makes no warranty that this email is error or virus free.  Thank
> you.
>

More information about the freebsd-net mailing list