====== Freeswan & Cisco ======

See {{ipsec:freeswan_cisco_howto.txt|this}}

===== Cisco stuff (PSK model) =====

   crypto ipsec transform-set hacker esp-aes-256 esp-sha-hmac 
   crypto dynamic-map dynmap 20 set transform-set hacker
   crypto map hacker 10 ipsec-isakmp
   crypto map hacker 10 match address IPSEC_hackers
   crypto map hacker 10 set peer 111.111.111.111
   crypto map hacker 10 set transform-set hackerZ
   crypto map hacker 20 ipsec-isakmp dynamic dynmap
   crypto map hacker client authentication LOCAL
   crypto map hacker interface outside
   isakmp enable outside
   isakmp key ******** address 111.111.111.111 netmask 255.255.255.255 no-xauth no-config-mode 
   isakmp identity address
   isakmp nat-traversal 20
   isakmp policy 10 authentication pre-share
   isakmp policy 10 encryption aes-256
   isakmp policy 10 hash sha
   isakmp policy 10 group 1
   isakmp policy 10 lifetime 86400
   isakmp policy 20 authentication pre-share
   isakmp policy 20 encryption 3des
   isakmp policy 20 hash md5
   isakmp policy 20 group 2
   isakmp policy 20 lifetime 86400
   vpngroup crm525gp address-pool vpnpool
   vpngroup crm525gp idle-time 1800
   vpngroup crm525gp max-time 86400
   vpngroup crm525gp password ********
   vpngroup helpgrp address-pool vpnpool2
   vpngroup helpgrp idle-time 1800
   vpngroup helpgrp max-time 86400
   vpngroup helpgrp password ********