Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(6)T2, RELEASE SOFTWARE (fc1)

#show crypto isakmp policy

Global IKE policy
Protection suite of priority 1
    encryption algorithm: Three key triple DES
    hash algorithm: Secure Hash Standard
    authentication method: Pre-Shared Key
    Diffie-Hellman group: #2 (1024 bit)
    lifetime: 86400 seconds, no volume limit

#show crypto ipsec sa peer 202.89.xxx.xxx

interface: FastEthernet4
    Crypto map tag: SDM_CMAP_1, local addr 203.97.xxx.xxx

   protected vrf: (none)
   local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
   remote ident (addr/mask/prot/port): (172.24.99.0/255.255.255.0/0/0)
   current_peer 202.89.xxx.xxx port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 1799, #pkts encrypt: 1799, #pkts digest: 1799
    #pkts decaps: 2143, #pkts decrypt: 2143, #pkts verify: 2143
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0

     local crypto endpt.: 203.97.xxx.xxx, remote crypto endpt.: 202.89.xxx.xxx
     path mtu 1500, ip mtu 1500
     current outbound spi: 0x8D7C9D77(2373754231)

     inbound esp sas:
      spi: 0x41AEBCEC(1101970668)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 29, flow_id: Motorola SEC 1.0:29, crypto map: SDM_CMAP_1
        sa timing: remaining key lifetime (k/sec): (4472922/2002)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     inbound ah sas:

     inbound pcp sas:

     outbound esp sas:
      spi: 0x8D7C9D77(2373754231)
        transform: esp-3des esp-sha-hmac ,
        in use settings ={Tunnel, }
        conn id: 30, flow_id: Motorola SEC 1.0:30, crypto map: SDM_CMAP_1
        sa timing: remaining key lifetime (k/sec): (4473075/1992)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE

     outbound ah sas:

     outbound pcp sas:

Linux Openswan U2.4.12/K2.6.25-gentoo-r7 (netkey)

#ipsec verify
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.12/K2.6.25-gentoo-r7 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]

# cat /etc/ipsec/ipsec.conf
version 2.0

config setup
    nat_traversal=no
    virtual_private=%v4:192.168.2.0/24,%v4:172.24.99.0/24
    nhelpers=0

include /etc/ipsec/ipsec.d/examples/no_oe.conf

conn max-ponsonby
    type=tunnel
    left=202.89.xxx.xxx
    leftsubnet=172.24.99.0/24
    leftsourceip=172.24.99.1
    right=203.97.xxx.xxx
    rightsubnet=192.168.2.0/24
    rightsourceip=192.168.2.1
    keyexchange=ike
    auto=start
    authby=secret
    ike=3des-sha1-modp1024
    esp=3des-sha1
    leftid=202.89.xxx.xxx
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    pfs=yes
    pfsgroup=modp1024
    keylife=3600s
    keyingtries=%forever
    ikelifetime=24h
    compress=no