[Openswan Users] IOS Cisco - bug
Ken Bantoft
ken at xelerance.com
Wed Feb 11 15:59:52 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 11 Feb 2004, David Prestwich wrote:
> Hello all,
>
> I am using an outdated freeswan 1.95 that works great but doesn't have
> all the functionality that the newer versions have. (I plan on
> upgrading just need the time and resources). I've ran into a little
> snag with a cisco IOS version 12.2 this past week and I know that it is
> a fault in the way it runs their proposal. In essence, freeswan sends
> out all the proposals as it should yet IOS fails on the first proposal
> of 3DES because the domain admin on the other side has set the
> configuration to DES. I asked if he would switch this to 3DES but he
> states he can't until he does an upgrade on their side to allow 3DES.
> During the connection the SA is established but no proposal is chosen
> because their side does not want to get set to 3DES. I can use DES on
> my 1.95 version and am using it currently with several sites. My
> question is: (and I'm pretty sure I know the answer) can I set 1.95 to
> tell it which level of encryption to use? I know in the newer version
> you can define say DES or 3DES but can you do this with the older ones?
> I don't think that you can. Any feedback would be great. Thanks.
Single DES is not supported in any version of FreeS/WAN, and won't be.
Openswan 1.0.0 has some support for it - it's disabled by default so you
need to turn it on at compile time.
You were right to ask them to upgrade - 1DES is considered insecure by
today's standards.
- --
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFAKpfKPiOgilmwgkgRAi+lAJ9heR+DuiJEAxW8JFgrDn3rz19u6gCgidL3
PaliPXBQfdMs0hoDUt0mlIY=
=RQqh
-----END PGP SIGNATURE-----
More information about the Users
mailing list