wiki.lkaplan.cz

User Tools

Site Tools

Trace: ipsec
wiki:site:obecne:ipsec

This is an old revision of the document!

Table of Contents

IPsec (Debian-Cisco)

Cisco:

crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  lifetime 3600
crypto isakmp key YOURKEY address 10.20.30.42 no-xauth
!
!
crypto ipsec transform-set hostb-transform esp-3des esp-sha-hmac
  mode transport
!
crypto map hostb-cryptomap 1 ipsec-isakmp
  set peer 10.20.30.42
  set transform-set hostb-transform
  set pfs group2
  match address hostb-list
!
interface FastEthernet0/1
  ip address 10.20.30.40 255.255.255.0
  duplex auto
  speed auto
  crypto map hostb-cryptomap
!
ip access-list extended hostb-list
  permit ip host 10.20.30.40 host 10.20.30.42
!

Debian:

apt-get install racoon ipsec-tools 

#!/usr/sbin/setkey -f
 
flush;
spdflush;
 
spdadd 10.20.30.42 10.20.30.40 any -P out ipsec
  esp/transport//require;
 
spdadd 10.20.30.40 10.20.30.42 any -P in ipsec
  esp/transport//require;
wiki/site/obecne/ipsec.1363010673.txt.gz · Last modified: 2014/12/26 18:31 (external edit)

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki