Hi, here is some information on getting an IPSEC VPN going between an Astaro V4 and a Cisco 7200 Router with the encryption accelerator module loaded. The Cisco is running IOS version 12.3(3) firewall/3DES/IP feature set.
! this defines the IKE phase I properties. You can have multiple policy
! combinations which the router will try to match one at a time
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
! sets the phase II properties, giving it the name "tranf-set-3des-md5"
crypto ipsec transform-set tranf-set-3des-md5 esp-3des esp-md5-hmac
! creates an entry in the crypto map "crypto-map-int-f00"
crypto map crypto-map-int-f00 1 ipsec-isakmp
 ! set remote end's VPN end-point
 set peer 192.168.1.1
 ! apply phase II properties to this VPN
 set transform-set tranf-set-3des-md5
 ! define encryption domains by matching this access-list
 match address 101
interface FastEthernet 0/0
 ! apply crypto map to interface
 crypto map crypto-map-int-f00
! define encryption domain - local subnet 10.1.1.0/24, remote subnet 192.168.2.0/24
access-list 101 permit ip 10.1.1.0 0.0.0.255 192.168.2.0 0.0.0.255
As far as the Astaro goes, I just used PSK, 3DES-CBC, MD5 160Bit, DH Group 2, SA 86400.
IPSEC Mode tunnel, ESP, 3DES, enforce algorithm off, MD5 160Bit, SA 3600, NO PFS, Compression Off.
Regards
Tim
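An added example, not part of the original post: a small Python check that parses the router settings above, compares them with the Astaro values listed in the post, and flags the legacy algorithms in use (3DES, MD5, DH group 2). The names `parse_ios`, `audit` and `ASTARO`, and the mapping of the Astaro settings onto IOS keywords, are assumptions made for illustration.

```python
# Constructed sample: the IOS commands from the post with the annotations stripped.
IOS_CONFIG = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 3600
crypto ipsec transform-set tranf-set-3des-md5 esp-3des esp-md5-hmac
crypto map crypto-map-int-f00 1 ipsec-isakmp
 set peer 192.168.1.1
 set transform-set tranf-set-3des-md5
 match address 101
"""
# Astaro settings from the post, mapped to IOS keywords (the mapping is an assumption).
ASTARO = {"ike": {"encr": "3des", "hash": "md5", "authentication": "pre-share",
                  "group": "2", "lifetime": "86400"},
          "esp": {"esp-3des", "esp-md5-hmac"}, "pfs": None}
LEGACY = {"3des", "md5", "esp-3des", "esp-md5-hmac"}  # legacy algorithms to flag

def parse_ios(text):
    """Parse policy, transform sets and crypto map; sub-commands become key: value."""
    cfg, section = {"ike": {}, "tsets": {}, "map": {"pfs": None}}, None
    for line in filter(str.strip, text.splitlines()):
        words = line.split()
        if not line[0].isspace():  # a top-level command opens a new section
            section = None
            if words[:3] == ["crypto", "isakmp", "policy"]:
                section = "ike"
            elif words[:3] == ["crypto", "ipsec", "transform-set"]:
                cfg["tsets"][words[3]] = set(words[4:])
            elif words[:2] == ["crypto", "map"]:
                section = "map"
        elif section and len(words) >= 2:
            cfg[section][words[-2]] = words[-1]
    return cfg

def audit(cfg, peer):
    """Return (settings that differ from the peer, legacy algorithms in use)."""
    diffs = [f"ike {k}: router={v} peer={peer['ike'].get(k)}"
             for k, v in cfg["ike"].items() if peer["ike"].get(k) != v]
    esp = cfg["tsets"].get(cfg["map"].get("transform-set"), set())
    if esp != peer["esp"]:
        diffs.append(f"esp: router={sorted(esp)} peer={sorted(peer['esp'])}")
    if cfg["map"]["pfs"] != peer["pfs"]:
        diffs.append(f"pfs: router={cfg['map']['pfs']} peer={peer['pfs']}")
    legacy = (set(cfg["ike"].values()) | esp) & LEGACY
    if cfg["ike"].get("group") in {"1", "2", "5"}:
        legacy.add("dh-group-" + cfg["ike"]["group"])
    return diffs, sorted(legacy)
```

Calling `audit(parse_ios(IOS_CONFIG), ASTARO)` on the values from the post reports one difference, the phase 1 lifetime (3600 on the router, 86400 on the Astaro), and lists every configured algorithm as legacy.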