Differences
This shows you the differences between two versions of the page.
|
|
ipsec:swan-cisco [2007/09/14 18:08] a cisco stuff |
ipsec:swan-cisco [2009/05/25 00:35] |
====== Freeswan & Cisco ====== | |
| |
See {{ipsec:freeswan_cisco_howto.txt|this}} | |
| |
===== Cisco stuff (PSK model) ===== | |
| |
crypto ipsec transform-set hacker esp-aes-256 esp-sha-hmac | |
crypto dynamic-map dynmap 20 set transform-set hacker | |
crypto map hacker 10 ipsec-isakmp | |
crypto map hacker 10 match address IPSEC_hackers | |
crypto map hacker 10 set peer 111.111.111.111 | |
crypto map hacker 10 set transform-set hackerZ | |
crypto map hacker 20 ipsec-isakmp dynamic dynmap | |
crypto map hacker client authentication LOCAL | |
crypto map hacker interface outside | |
isakmp enable outside | |
isakmp key ******** address 111.111.111.111 netmask 255.255.255.255 no-xauth no-config-mode | |
isakmp identity address | |
isakmp nat-traversal 20 | |
isakmp policy 10 authentication pre-share | |
isakmp policy 10 encryption aes-256 | |
isakmp policy 10 hash sha | |
isakmp policy 10 group 1 | |
isakmp policy 10 lifetime 86400 | |
isakmp policy 20 authentication pre-share | |
isakmp policy 20 encryption 3des | |
isakmp policy 20 hash md5 | |
isakmp policy 20 group 2 | |
isakmp policy 20 lifetime 86400 | |
vpngroup crm525gp address-pool vpnpool | |
vpngroup crm525gp idle-time 1800 | |
vpngroup crm525gp max-time 86400 | |
vpngroup crm525gp password ******** | |
vpngroup helpgrp address-pool vpnpool2 | |
vpngroup helpgrp idle-time 1800 | |
vpngroup helpgrp max-time 86400 | |
vpngroup helpgrp password ******** | |
| |
| |