Differences
This shows you the differences between two versions of the page.
| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
ipsec:swan-cisco [2006/03/04 19:53]
193.77.56.193 |
ipsec:swan-cisco [2009/05/25 00:35] (current)
|
| |
| See {{ipsec:freeswan_cisco_howto.txt|this}} | See {{ipsec:freeswan_cisco_howto.txt|this}} |
| | |
| | ===== Cisco stuff (PSK model) ===== |
| | |
| | crypto ipsec transform-set hacker esp-aes-256 esp-sha-hmac |
| | crypto dynamic-map dynmap 20 set transform-set hacker |
| | crypto map hacker 10 ipsec-isakmp |
| | crypto map hacker 10 match address IPSEC_hackers |
| | crypto map hacker 10 set peer 111.111.111.111 |
| | crypto map hacker 10 set transform-set hackerZ |
| | crypto map hacker 20 ipsec-isakmp dynamic dynmap |
| | crypto map hacker client authentication LOCAL |
| | crypto map hacker interface outside |
| | isakmp enable outside |
| | isakmp key ******** address 111.111.111.111 netmask 255.255.255.255 no-xauth no-config-mode |
| | isakmp identity address |
| | isakmp nat-traversal 20 |
| | isakmp policy 10 authentication pre-share |
| | isakmp policy 10 encryption aes-256 |
| | isakmp policy 10 hash sha |
| | isakmp policy 10 group 1 |
| | isakmp policy 10 lifetime 86400 |
| | isakmp policy 20 authentication pre-share |
| | isakmp policy 20 encryption 3des |
| | isakmp policy 20 hash md5 |
| | isakmp policy 20 group 2 |
| | isakmp policy 20 lifetime 86400 |
| | vpngroup crm525gp address-pool vpnpool |
| | vpngroup crm525gp idle-time 1800 |
| | vpngroup crm525gp max-time 86400 |
| | vpngroup crm525gp password ******** |
| | vpngroup helpgrp address-pool vpnpool2 |
| | vpngroup helpgrp idle-time 1800 |
| | vpngroup helpgrp max-time 86400 |
| | vpngroup helpgrp password ******** |
| | |
