Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision Next revision Both sides next revision | ||
openswan [2006/07/25 15:49] a created |
openswan [2012/05/17 08:37] greebo old revision restored |
||
---|---|---|---|
Line 4: | Line 4: | ||
see: [[http:// | see: [[http:// | ||
+ | |||
+ | ===== ipsec.secrets ===== | ||
+ | <code |f ipsec.secrets> | ||
+ | x.x.x.x | ||
+ | x.x.x.x %any: | ||
+ | : RSA { | ||
+ | # RSA 2048 bits | ||
+ | # for signatures only, UNSAFE FOR ENCRYPTION | ||
+ | # | ||
+ | </ | ||
+ | |||
+ | ===== OpenSWAN + Cisco PIX ===== | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | interfaces=%defaultroute | ||
+ | klipsdebug=all #enable debugging | ||
+ | plutodebug=all | ||
+ | |||
+ | conn tunnelipsec | ||
+ | type=tunnel | ||
+ | left=x.x.x.x | ||
+ | leftnexthop=y.y.y.y | ||
+ | leftsubnet=10.0.0.0/ | ||
+ | right=%any | ||
+ | rightnexthop=%defaultroute | ||
+ | rightsubnet=10.2.0.0/ | ||
+ | esp=3des-sha1 | ||
+ | keyexchange=ike | ||
+ | authby=secret | ||
+ | pfs=yes | ||
+ | auto=add | ||
+ | | ||
+ | |||
+ | PIX setup | ||
+ | |||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | nat (inside) 0 access-list 108 | ||
+ | | ||