Nickolay Kritsky wrote:

I had an experience of connecting 4.9 to Cisco 3600 with ESP/3des/Md5 site-to-site IPsec vpn with ISAKMP based on preshared key. Software used was racoon and isakmp.

I can second this, though I was using pre 4.9 (4.8?). The key is to use "site-to-site" vs. the road warrior type configurations on the 3600.


Vendor road warrior setups I've seen tend to use a (proprietary) client to connect. The client (to simplify) will do things like set up an SSL/TLS connection for userid/password, send info for IKE (or just a "pre-shared" key), policy configuration etc. via that connection and modify the client's default route to send everything via the IPsec tunnel <g>. Then IPsec/IKE takes over.

The only hard part is getting the admin for the 3600 to cooperate (e.g. treat my connection as different than everyone else.)

MikeC

--
Michael C. Cambria

email : [EMAIL PROTECTED]
 VoIP : sip:[EMAIL PROTECTED]
  FWD : sip:[EMAIL PROTECTED]

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
