Just a thought...I haven't used it personally, but there is a Cisco VPN
client that works under Linux.
> -----Original Message-----
> From: users-admin_at_lists.freeswan.org
> [mailto:users-admin_at_lists.freeswan.org] On Behalf Of Kuba Leszewski
> Sent: Wednesday, June 05, 2002 9:00 AM
> To: linux-ipsec_at_freeswan.org
> Subject: [Users] linux-cisco problem again
>
>
> Hi,
>
> The answer I previously got from You didn't work.
> So here is my problem once again:
>
> Has anyone tried to set up a VPN between freeswan and Cisco,
> where Cisco has a static IP address, and Freeswan has a
> dynamic IP (a dial-up connection)?
>
> When both sides have static addresses, then everything works.
>
>
> And this time, here are my configs:
>
> Since this is just a test, the freeswan has got also a static
> address, but I wanted to set up cisco, so it accepts connection
> from all addresses.
> That's why I used 0.0.0.0, but it doesn't work.
>
> The negotiations fail in first step.
> On linux I just get:
> 104 "freeswan_cisco" #1:STATE_MAIN_I1: inititate
> and then a retransmissions 20 seconds later.
>
> Cisco logs say, that "atts are not acceptable".
>
>
> ##############################
> CISCO:
>
> crypto isakmp policy 10
> encr 3des
> hash md5
> authentication pre-share
> group 2
> lifetime 7200
> crypto isakmp key cisco1234 address 0.0.0.0
> !
> !
> crypto ipsec transform-set freeswan esp-3des esp-md5-hmac
> !
> crypto map freeswan 5 ipsec-isakmp
> set security-association lifetime seconds 14400
> set transform-set freeswan
> set pfs group2
> match address 100
> !
> !
> !
> !
> process-max-time 200
> !
> interface FastEthernet0/0
> description Internet
> ip address A.B.C.D 255.255.255.xxx
> no ip directed-broadcast
> speed 10
> crypto map freeswan
> !
> ....
> access-list 100 permit ip 172.25.192.0 0.0.0.255 192.168.255.0 0.0.0.255
> access-list 100 deny ip 172.25.192.0 0.0.0.255 any
> ....
>
>
> ##############################
> FREESWAN
> conn freeswan_cisco
>     #left
>     leftid=E.F.G.H
>     left=E.F.G.H
>     leftnexthop=E.F.G.X
>     leftsubnet=192.168.255.0/24
>     #
>     #right
>     rightid=A.B.C.D
>     right=A.B.C.D
>     rightsubnet=172.25.192.0/24
>     #
>     #
>     authby=secret
>     rekey=yes
>     keylife=20m
>     ikelifetime=1h
>     auto=add
>
>
> #################################
> ipsec.secrets
> E.F.G.H A.B.C.D PSK "cisco1234"
> #################################
>
> I'd be very grateful for Your help.
>
> Regards
> Kuba
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
>
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:13 CEST