[Openswan Users] Connecting Cisco routers (eg 837, 877) without static IP to OpenSWAN server
Paul Wouters
paul at xelerance.com
Mon Nov 20 00:04:45 EST 2006
On Mon, 20 Nov 2006, Aleks Huson wrote:
> I would like to setup an OpenSWAN server that will allow net-to-net
> connections from remote sites using various models of Cisco routers.
> - I need to be able to have different authentication for each site.
> so if I'm using right = %any, I assume that I cannot use PSK, unless I want
> to give everyone the same key
Correct.
> - Do I need to use authby = rsasig, or is there a better / simpler
> way of setting it up so that I can have a different "login" for each client.
Yes, and likely use X.509 because Cisco does not support raw RSA keys.
> - If I have to use rsasig, can anyone point me in the direction of
> how to setup the Cisco end of things?
I don't know of any cisco x509 examples. Anyone else?
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list