Sorry for the delay on replying to this but I have been horribly swamped with a handful of other fires. I am coming back to this tomorrow and with a fresh cisco device! So I am hoping to have an update for you all tomorrow or the next day. Thanks again David for the fresh cisco example; I can already see at least to points of issue that I have made! I'll get back to you all soon and thanks again!
On Fri, Jul 17, 2009 at 2:22 AM, David DeSimone <f...@verio.net> wrote: > rascal <rascal1...@gmail.com> wrote: > > > > If I could ask one more favor; what does your cisco config look like > > that would match one of these? I have got mine configed based on > > someone else's tunnel specs and while I am sure they are comparable I > > wanted to make sure I wasn't missing anything. > > Here's an example config that I sanitized from one of our Cisco routers; > I think it should work, but it's only an example. At some point you > have to adapt these configs to your own situation. :) > > crypto isakmp policy 1 > encr aes > authentication pre-share > group 2 > > crypto isakmp key SecretKey!! address 11.22.33.44 > > crypto ipsec transform-set AES-SHA1 esp-aes esp-sha-hmac > > crypto map IPSEC local-address GigabitEthernet0/1 > > crypto map IPSEC 1 ipsec-isakmp > set peer 11.22.33.44 > set transform-set AES-SHA1 > match address remote-site > > interface GigabitEthernet0/1 > ip address 55.66.77.88 255.255.255.224 > crypto map IPSEC > > ip access-list extended remote-site > permit ip 10.20.50.60 0.0.0.255 10.10.30.40 0.0.0.255 > permit ip 10.20.50.60 0.0.0.255 10.10.30.50 0.0.0.255 > permit ip 10.20.50.70 0.0.0.255 10.10.30.40 0.0.0.255 > permit ip 10.20.50.70 0.0.0.255 10.10.30.50 0.0.0.255 > > -- > David DeSimone == Network Admin == f...@verio.net > "I don't like spinach, and I'm glad I don't, because if I > liked it I'd eat it, and I just hate it." -- Clarence Darrow > > > This email message is intended for the use of the person to whom it has > been sent, and may contain information that is confidential or legally > protected. If you are not the intended recipient or have received this > message in error, you are not authorized to copy, distribute, or otherwise > use this message or its attachments. Please notify the sender immediately by > return e-mail and permanently delete this message and any attachments. > Verio, Inc. makes no warranty that this email is error or virus free. Thank > you. > _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
