[Openswan Users] tunnel using XAUTH client mode to Cisco 3000 series
Michael Richardson
mcr at sandelman.ottawa.on.ca
Wed Jul 7 14:30:42 CEST 2004
>>>>> "David" == David Edmondson <dme at dme.org> writes:

David> The configuration is based on that described in
David> docs/README.XAUTHclient, with only the IP addresses, authentication
David> tokens, etc. changed. No RSA signatures are involved, only a
David> pre-shared password.

You understand that you have to create a group with the name (in
ASCII) of the IP address you are coming from on the 3K?

David> I noticed in a tcpdump of the IKE traffic that Openswan is using 'main
David> mode' where vpnc (which works okay, apart from not supporting
David> re-keying) uses 'aggressive mode'. [ I've read why Openswan doesn't
David> currently support aggressive mode and I'm not complaining, just
David> providing this as additional information. ]

Yes, that's correct.

David> I have no access to the remote Cisco 3000 machine (though I can ask
David> the people responsible questions).

Without a bug fix on the VPN3K, which Cisco people have told me they
aren't likely to do, because the PIX replaces the VPN3K in their product
line, you need to have a custom configuration on the 3K to make things
work.

--
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [