====== Freeswan & Cisco ====== See {{ipsec:freeswan_cisco_howto.txt|this}} ===== Cisco stuff (PSK model) ===== crypto ipsec transform-set hacker esp-aes-256 esp-sha-hmac crypto dynamic-map dynmap 20 set transform-set hacker crypto map hacker 10 ipsec-isakmp crypto map hacker 10 match address IPSEC_hackers crypto map hacker 10 set peer 111.111.111.111 crypto map hacker 10 set transform-set hackerZ crypto map hacker 20 ipsec-isakmp dynamic dynmap crypto map hacker client authentication LOCAL crypto map hacker interface outside isakmp enable outside isakmp key ******** address 111.111.111.111 netmask 255.255.255.255 no-xauth no-config-mode isakmp identity address isakmp nat-traversal 20 isakmp policy 10 authentication pre-share isakmp policy 10 encryption aes-256 isakmp policy 10 hash sha isakmp policy 10 group 1 isakmp policy 10 lifetime 86400 isakmp policy 20 authentication pre-share isakmp policy 20 encryption 3des isakmp policy 20 hash md5 isakmp policy 20 group 2 isakmp policy 20 lifetime 86400 vpngroup crm525gp address-pool vpnpool vpngroup crm525gp idle-time 1800 vpngroup crm525gp max-time 86400 vpngroup crm525gp password ******** vpngroup helpgrp address-pool vpnpool2 vpngroup helpgrp idle-time 1800 vpngroup helpgrp max-time 86400 vpngroup helpgrp password ********