From: Scot Hollingsworth (Scot.Hollingsworth_at_arch.com)
Date: Tue Oct 29 2002 - 23:47:28 CET
Working config for a Cisco AS5300 running 12.2(12)a and Freeswan 1.98b

Linux: RedHat 7.3
kernel: 2.4.18-3

Cisco conf:

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 5
!
crypto isakmp key cisco address 172.19.45.2
!
crypto ipsec transform-set transet1 esp-3des esp-md5-hmac
!
crypto map vpnl2l 1 ipsec-isakmp
 set peer 172.19.45.2
 set transform-set transet1
 match address 110
!
interface Ethernet0
 description Test VPN
 ip address 172.19.45.1 255.255.255.0
 no cdp enable
 crypto map vpnl2l
!
interface FastEthernet0
 ip address 10.48.1.245 255.255.255.0
!
ip route 10.48.110.0 255.255.255.0 172.19.45.2
!
access-list 110 permit ip 10.48.1.0 0.0.0.255 10.48.110.0 0.0.0.255

RedHat 7.3 conf:

eth0 172.19.45.2 255.255.255.0
eth1 10.48.110.1 255.255.255.0

FreeSwan 1.98b conf:

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="ipsec0=eth0"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload="arch"
        plutostart=arch
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
        keyingtries=0

conn arch
        left=172.19.45.2
        leftsubnet=10.48.110.0/24
        right=172.19.45.1
        rightsubnet=10.48.1.0/24
        authby=secret
        auto=start
        pfs=no

# /etc/ipsec.secrets config
172.19.45.2 172.19.45.1 : PSK "cisco"

Good Luck!
-Scot
Scot Hollingsworth
Sr. Network Tech
Arch Wireless
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
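
Added example, not part of the original post: the two ends of this tunnel only agree if the Cisco crypto ACL (source, destination) mirrors the FreeS/WAN leftsubnet/rightsubnet pair and the Cisco `set peer` is one of left=/right=. The sketch below checks that for configs of this shape; the function names are hypothetical and it assumes the ACL uses plain "address wildcard" pairs (no `host` or `any` keywords).

```python
import ipaddress
import re

# Constructed input: the selector-relevant lines from the two configs in the post.
CISCO = """\
crypto map vpnl2l 1 ipsec-isakmp
 set peer 172.19.45.2
 match address 110
access-list 110 permit ip 10.48.1.0 0.0.0.255 10.48.110.0 0.0.0.255
"""
FREESWAN = """\
conn arch
    left=172.19.45.2
    leftsubnet=10.48.110.0/24
    right=172.19.45.1
    rightsubnet=10.48.1.0/24
"""

def cisco_view(text):
    """Extract the peer and the crypto ACL's source/destination networks."""
    peer = re.search(r"^\s*set peer (\S+)", text, re.M).group(1)
    acl_id = re.search(r"^\s*match address (\d+)", text, re.M).group(1)
    acl = re.search(rf"^access-list {acl_id} permit ip (\S+) (\S+) (\S+) (\S+)",
                    text, re.M)
    # ip_network accepts "address/wildcard" (host mask) and raises ValueError
    # for non-contiguous wildcards or addresses with host bits set.
    src = ipaddress.ip_network(f"{acl.group(1)}/{acl.group(2)}")
    dst = ipaddress.ip_network(f"{acl.group(3)}/{acl.group(4)}")
    return peer, src, dst

def freeswan_net(conn, side):
    """Protected network of one end; with no *subnet= it is the host itself."""
    return ipaddress.ip_network(conn.get(side + "subnet", conn[side] + "/32"))

def check(cisco_text, freeswan_text):
    """Return mismatches between the two ends; an empty list means consistent."""
    peer, acl_src, acl_dst = cisco_view(cisco_text)
    conn = dict(re.findall(r"^\s+(\w+)=(\S+)", freeswan_text, re.M))
    # left/right are arbitrary labels: the Linux end is whichever one the
    # Cisco names as its peer.
    linux = next((s for s in ("left", "right") if conn.get(s) == peer), None)
    if linux is None:
        return [f"Cisco peer {peer} is neither left= nor right="]
    cisco = "right" if linux == "left" else "left"
    problems = []
    if freeswan_net(conn, cisco) != acl_src:
        problems.append(f"{cisco}subnet != ACL source {acl_src}")
    if freeswan_net(conn, linux) != acl_dst:
        problems.append(f"{linux}subnet != ACL destination {acl_dst}")
    return problems

if __name__ == "__main__":
    print(check(CISCO, FREESWAN) or "selectors mirror each other")
```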