Differences
This shows you the differences between two versions of the page.
Next revision
|
Previous revision
|
ipsec:swan-cisco [2006/03/04 19:52] 193.77.56.193 created |
ipsec:swan-cisco [2009/05/25 00:35] (current) |
====== Freeswan & Cisco ====== | ====== Freeswan & Cisco ====== |
| |
See file below | See {{ipsec:freeswan_cisco_howto.txt|this}} |
| |
| ===== Cisco stuff (PSK model) ===== |
| |
| crypto ipsec transform-set hacker esp-aes-256 esp-sha-hmac |
| crypto dynamic-map dynmap 20 set transform-set hacker |
| crypto map hacker 10 ipsec-isakmp |
| crypto map hacker 10 match address IPSEC_hackers |
| crypto map hacker 10 set peer 111.111.111.111 |
| crypto map hacker 10 set transform-set hackerZ |
| crypto map hacker 20 ipsec-isakmp dynamic dynmap |
| crypto map hacker client authentication LOCAL |
| crypto map hacker interface outside |
| isakmp enable outside |
| isakmp key ******** address 111.111.111.111 netmask 255.255.255.255 no-xauth no-config-mode |
| isakmp identity address |
| isakmp nat-traversal 20 |
| isakmp policy 10 authentication pre-share |
| isakmp policy 10 encryption aes-256 |
| isakmp policy 10 hash sha |
| isakmp policy 10 group 1 |
| isakmp policy 10 lifetime 86400 |
| isakmp policy 20 authentication pre-share |
| isakmp policy 20 encryption 3des |
| isakmp policy 20 hash md5 |
| isakmp policy 20 group 2 |
| isakmp policy 20 lifetime 86400 |
| vpngroup crm525gp address-pool vpnpool |
| vpngroup crm525gp idle-time 1800 |
| vpngroup crm525gp max-time 86400 |
| vpngroup crm525gp password ******** |
| vpngroup helpgrp address-pool vpnpool2 |
| vpngroup helpgrp idle-time 1800 |
| vpngroup helpgrp max-time 86400 |
| vpngroup helpgrp password ******** |
| |