Damian Cooke wrote:
> I could also use some help to connect freeswan to a cisco pix v5.3(1)
>
> Can anyone help?

I'm working on that right now. More specifically, I do have the Cisco
VPN Client 3.5 for Linux on my laptop and a PIX firewall running 6.1(1)
at the data center. They work perfectly well together, but I want to use
Freeswan instead of the Cisco VPN Client for the connection. So far I've
had a number of strange Oakley errors, but I've figured that Cisco's
terminology doesn't exactly match up to Freeswan's, so I'm hopefully
slowly converging at something that will be usable. Or else I'll revert
back to the Cisco VPN Client.

The "vpngroup" stuff in PIXos seems to be some kind of proprietary
extension. I'm not an expert on IPSec (yet), so I can't tell for sure.
For those who have no experience with a PIX, the following is an example
of a vpngroup in PIXos (the operating system that a Cisco PIX firewall
runs):

vpngroup vpn3000-all address-pool ipsec-pool
vpngroup vpn3000-all dns-server 10.1.1.1
vpngroup vpn3000-all wins-server 10.1.1.1
vpngroup vpn3000-all default-domain xyz.com
vpngroup vpn3000-all split-tunnel nonat
vpngroup vpn3000-all idle-time 1800
vpngroup vpn3000-all password XXX

The client logs in with the group name "vpn3000-all" and the password
"XXX" and picks up the settings defined for that group - DNS servers,
timeouts, domains and the like. That makes it very easy to configure the
clients from a central site.

But anyway, I'm trying to be able to use Freeswan on my laptop instead of
the Cisco VPN client, and I figure I won't be able to use the vpngroup
stuff for remote configuration (this is actually the point where I'd
like somebody to respond "YOU'RE WRONG - THIS IS HOW YOU DO IT").

/Robert
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:42 CEST