
This is an old revision of the document!



IPsec (Debian-Cisco)

Cisco:

! IKE phase 1 (ISAKMP) policy. Each value must match the "remote" proposal
! in racoon.conf on the Debian peer, otherwise phase 1 will not complete.
! NOTE(review): 3DES (64-bit block cipher) and DH group 2 (1024-bit MODP) are
! legacy choices. If both peers support it, prefer AES and a larger DH group,
! and change both ends together so the proposals still match.
! No "hash" line is given, so the platform default applies; the Debian peer
! proposes sha1 -- confirm the default on your IOS release agrees.
crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  lifetime 3600
! Pre-shared key for peer 10.20.30.42. YOURKEY is a placeholder: use a long
! random secret, identical to the entry in /etc/racoon/psk.txt on the Debian
! peer. The key is part of the configuration, so treat config backups and
! "show run" output as sensitive. no-xauth: no extended (user) authentication
! is requested from this peer.
crypto isakmp key YOURKEY address 10.20.30.42 no-xauth
!
!
! Phase 2 protection: ESP with 3DES encryption and HMAC-SHA1 integrity, in
! transport mode (host-to-host, no extra IP header). Must match the racoon
! "sainfo" section and the esp/transport policy loaded by setkey.
crypto ipsec transform-set hostb-transform esp-3des esp-sha-hmac
  mode transport
!
! Crypto map entry tying together the peer, the transform set, PFS and the
! traffic selector. "set pfs group2" must match "pfs_group 2" on the Debian peer.
crypto map hostb-cryptomap 1 ipsec-isakmp
  set peer 10.20.30.42
  set transform-set hostb-transform
  set pfs group2
  match address hostb-list
!
! The crypto map is applied to the interface that owns 10.20.30.40, the
! address the Debian peer uses as its remote endpoint.
interface FastEthernet0/1
  ip address 10.20.30.40 255.255.255.0
  duplex auto
  speed auto
  crypto map hostb-cryptomap
!
! Traffic selector: all IP traffic between the two hosts is protected. This
! mirrors the spdadd policies in /etc/ipsec-tools.conf on the Debian peer.
ip access-list extended hostb-list
  permit ip host 10.20.30.40 host 10.20.30.42
!
# Troubleshooting commands. These are exec-level commands, not part of the
# configuration above. Debug output adds load on a busy router and can
# expose peer addresses and negotiation details to anyone reading the log
# or console, so switch it off again when finished.

# enable IKE debugging
debug crypto isakmp

# enable IPSec debugging
debug crypto ipsec

# disable all debugging
no debug all

Debian:

# racoon is the IKE daemon configured in /etc/racoon/racoon.conf below; the
# setkey tool used by /etc/ipsec-tools.conf is expected to come from ipsec-tools.
# NOTE(review): racoon implements IKEv1 only -- check that this package is
# still available and maintained on your Debian release before relying on it.
apt-get install racoon ipsec-tools

/etc/ipsec-tools.conf
#!/usr/sbin/setkey -f
#
# Kernel IPsec policy (SPD) for this host, 10.20.30.42, towards the Cisco
# peer 10.20.30.40. This file only defines policy; the security associations
# themselves are negotiated by racoon.

# Start from a clean state: flush clears the SAD, spdflush clears the SPD.
# Any SAs or policies loaded earlier (by hand or by another tool) are removed.
flush;
spdflush;

# Outbound: every upper-layer protocol ("any") from this host to the peer
# must go through ESP in transport mode. With level "require" the kernel
# needs an SA for matching packets, so if IKE negotiation fails the traffic
# is not sent in cleartext as a fallback.
spdadd 10.20.30.42 10.20.30.40 any -P out ipsec
  esp/transport//require;

# Inbound: the mirror-image policy for traffic from the peer to this host.
# Both directions are needed; they correspond to the single "hostb-list"
# access list on the Cisco side.
spdadd 10.20.30.40 10.20.30.42 any -P in ipsec
  esp/transport//require;
/etc/racoon/racoon.conf
# racoon (IKEv1) configuration for the Debian peer.

# File holding the pre-shared keys, one "peer key" pair per line. It contains
# the secret in cleartext, so keep it readable by root only.
path pre_shared_key "/etc/racoon/psk.txt";
# Certificate directory; not used by this setup, which authenticates with a
# pre-shared key (see authentication_method below).
path certificate "/etc/racoon/certs";

# Phase 1 (ISAKMP) settings for the Cisco peer 10.20.30.40. These must match
# "crypto isakmp policy 1" on the router: 3des, sha1, pre-shared key,
# DH group 2, one-hour lifetime (3600 s on the Cisco side).
# NOTE(review): 3DES, SHA-1 and DH group 2 (1024-bit MODP) are legacy choices.
# If both peers support stronger algorithms, upgrade both ends together so the
# proposals still match.
remote 10.20.30.40 {
    # Main mode protects the peer identities during phase 1.
    exchange_mode main;
    lifetime time 1 hour;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
    }
}

# Phase 2 (IPsec SA) settings. "anonymous" is not restricted to particular
# identities, so it is used for any peer that completed phase 1. The values
# must match the Cisco transform set (esp-3des esp-sha-hmac) and
# "set pfs group2".
sainfo anonymous
{
    pfs_group 2;
    # The Cisco configuration shown does not set an IPsec SA lifetime, so its
    # default applies there -- confirm it is compatible with this value.
    lifetime time 1 hour;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1;
    # presumably listed because racoon's sainfo syntax expects it; the
    # policies above do not request IPComp -- TODO confirm
    compression_algorithm deflate;
}
/etc/racoon/psk.txt
# Format: <peer address> <pre-shared key>
# YOURKEY is a placeholder. Replace it with a long random secret, identical to
# the one given to "crypto isakmp key" on the Cisco router.
# The key is stored in cleartext: keep this file owned by root with mode 0600.
# racoon is expected to refuse a key file that other users can read.
10.20.30.40 YOURKEY
wiki/site/obecne/ipsec.1363010889.txt.gz · Last modified: 2014/12/26 18:31 (external edit)