This is an old revision of the document!
crypto isakmp policy 1 encr 3des authentication pre-share group 2 lifetime 3600 crypto isakmp key YOURKEY address 10.20.30.42 no-xauth ! ! crypto ipsec transform-set hostb-transform esp-3des esp-sha-hmac mode transport ! crypto map hostb-cryptomap 1 ipsec-isakmp set peer 10.20.30.42 set transform-set hostb-transform set pfs group2 match address hostb-list ! interface FastEthernet0/1 ip address 10.20.30.40 255.255.255.0 duplex auto speed auto crypto map hostb-cryptomap ! ip access-list extended hostb-list permit ip host 10.20.30.40 host 10.20.30.42 !
apt-get install racoon ipsec-tools
#!/usr/sbin/setkey -f flush; spdflush; spdadd 10.20.30.42 10.20.30.40 any -P out ipsec esp/transport//require; spdadd 10.20.30.40 10.20.30.42 any -P in ipsec esp/transport//require;