[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ISAKMPD VPN w/ Cisco Concentrator



On Wed, Mar 23, 2005 at 12:28:17PM -0500, Paul Lussier wrote:
> Hi all,
>
> I'm need of a little help setting up a VPN tunnel between my OpenBSD
> box and a Cisco VPN concentrator.  I have successfully set up a tunnel
> with another OpenBSD box, but in trying to change the isakmpd.conf to
> then connect to the Cisco, I'm running into trouble.
>
> Part of my problem is that I have no Cisco VPN experience, so I don't
> know how translate the options set on the Cisco side to something
> usable by isakmpd.  The person in charge of the Cisco side sent me the
> following config settings:
>
>    Interface is 192.168.0.5
>    Authentication ESP/MD5/HMAC-128
>    Encryption 3DES-168
>    IKE Proposal IKE-3DES-MD5
>    Preshared Key is f00zb411
>    Target Network 192.168.0.0
>
> Should 'Athentication' above be AUTHENTICATION_METHOD in isakmpd.conf?
> And what does 'IKE Proposal' mean?  I couldn't find anything that
> seemed to match up with that in the isakmpd.conf man page.
It's simply the algorithm that you want to use to set up IKE. Has to do with
dyanmic SAs.

Good luck, btw. I can make almost any IPSEC capable device talk to almost any
other IPSEC capable device. But the only thing I have ever got to talk to a
Cisco is a Cisco.

Can't help but notice that you just sent a preshared key to the whole world.
>
> I'll gladly sent my iskmpd.conf file if anyone needs to see it.
>
> Thanks.
>
> --
>
> Seeya,
> Paul
>
> [demime 1.01d removed an attachment of type application/pgp-signature]
>

--
BOFH excuse #287:

Telecommunications is downshifting.

[demime 1.01d removed an attachment of type application/pgp-signature]