Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 1001 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN with CISCO?

BarryG
anyone know if the VPN can connect to a CISCO firewall?

Does it use freeswan or what?

Thanks,
Barry


This thread was automatically locked due to age.
Parents
  • 0
    Hi Berry, 

    yes we use freeswan and yes we had several posting regarding successfull connection between cisco routers and asl.

    kind regards 
    gert
  • 0 in reply to Gert Hansen
    Hello everybody,
    Is someone try to setup a vpn between Astaro and a cisco router 2600????

    Best regards

    Jerome
  • 0 in reply to jemors
    Hi,

    I copied the following configuration
    from: http://www.freeswan.org/freeswan_trees/freeswan-1.3/doc/compatibility.html 

    --------------------
    Freeswan config:
    /etc/ipsec-auto

    auto    ipsec-router-test
            type=tunnel
            left=x.x.x.x
    # x.x.x.x = linux box public ip address
            right=y.y.y.y
    # y.y.y.y = router public ip address
            rightsubnet=192.168.2.0/24
    # private network behind the router - host to which throughput testing was done is here.
            keyexchange=ike
            encrypt=yes
            authenticate=no
            pfs=no
            lifetime=8h

    ----------------------------

    Cisco Router config:

    crypto isakmp policy 1
     encr 3des
     hash md5 
     authentication pre-share
    crypto isakmp key SECRET-VALUE address x.x.x.x 
    crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac 
    crypto map TEST 1 ipsec-isakmp  
     set peer x.x.x.x
     set transform-set 3DES-MD5 
     match address 101
    access-list 101 permit ip 192.168.2.0 0.0.0.255 host x.x.x.x
    interface 
    crypto map TEST
    -------------------------------------

    Make sure that your router supports 3DES.
    Authentication is missing in this example.
    Use PreSharedKey authentication.

    read you
    o|iver
Reply
  • 0 in reply to jemors
    Hi,

    I copied the following configuration
    from: http://www.freeswan.org/freeswan_trees/freeswan-1.3/doc/compatibility.html 

    --------------------
    Freeswan config:
    /etc/ipsec-auto

    auto    ipsec-router-test
            type=tunnel
            left=x.x.x.x
    # x.x.x.x = linux box public ip address
            right=y.y.y.y
    # y.y.y.y = router public ip address
            rightsubnet=192.168.2.0/24
    # private network behind the router - host to which throughput testing was done is here.
            keyexchange=ike
            encrypt=yes
            authenticate=no
            pfs=no
            lifetime=8h

    ----------------------------

    Cisco Router config:

    crypto isakmp policy 1
     encr 3des
     hash md5 
     authentication pre-share
    crypto isakmp key SECRET-VALUE address x.x.x.x 
    crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac 
    crypto map TEST 1 ipsec-isakmp  
     set peer x.x.x.x
     set transform-set 3DES-MD5 
     match address 101
    access-list 101 permit ip 192.168.2.0 0.0.0.255 host x.x.x.x
    interface 
    crypto map TEST
    -------------------------------------

    Make sure that your router supports 3DES.
    Authentication is missing in this example.
    Use PreSharedKey authentication.

    read you
    o|iver
Children
No Data
Unfiltered HTML