Differences
This shows you the differences between two versions of the page.
|
|
|
ipsec:swan-cisco [2007/09/14 18:08]
a cisco stuff |
ipsec:swan-cisco [2009/05/25 00:35]
|
| ====== Freeswan & Cisco ====== | |
| |
| See {{ipsec:freeswan_cisco_howto.txt|this}} | |
| |
| ===== Cisco stuff (PSK model) ===== | |
| |
| crypto ipsec transform-set hacker esp-aes-256 esp-sha-hmac | |
| crypto dynamic-map dynmap 20 set transform-set hacker | |
| crypto map hacker 10 ipsec-isakmp | |
| crypto map hacker 10 match address IPSEC_hackers | |
| crypto map hacker 10 set peer 111.111.111.111 | |
| crypto map hacker 10 set transform-set hackerZ | |
| crypto map hacker 20 ipsec-isakmp dynamic dynmap | |
| crypto map hacker client authentication LOCAL | |
| crypto map hacker interface outside | |
| isakmp enable outside | |
| isakmp key ******** address 111.111.111.111 netmask 255.255.255.255 no-xauth no-config-mode | |
| isakmp identity address | |
| isakmp nat-traversal 20 | |
| isakmp policy 10 authentication pre-share | |
| isakmp policy 10 encryption aes-256 | |
| isakmp policy 10 hash sha | |
| isakmp policy 10 group 1 | |
| isakmp policy 10 lifetime 86400 | |
| isakmp policy 20 authentication pre-share | |
| isakmp policy 20 encryption 3des | |
| isakmp policy 20 hash md5 | |
| isakmp policy 20 group 2 | |
| isakmp policy 20 lifetime 86400 | |
| vpngroup crm525gp address-pool vpnpool | |
| vpngroup crm525gp idle-time 1800 | |
| vpngroup crm525gp max-time 86400 | |
| vpngroup crm525gp password ******** | |
| vpngroup helpgrp address-pool vpnpool2 | |
| vpngroup helpgrp idle-time 1800 | |
| vpngroup helpgrp max-time 86400 | |
| vpngroup helpgrp password ******** | |
| |
| |
