IPsec between a Cisco IOS router and FreeBSD (racoon)

Variant 1: 3DES and MD5

! GRE tunnel that rides inside the IPsec transport-mode SA configured below.
! Its endpoints (Dialer0's public address and 116.203.229.50) are the same
! hosts named in access-list IPSEC-01, so only this GRE traffic gets encrypted.
interface Tunnel7
 description CISICO--V7
 ip address 10.122.3.2 255.255.255.252
! MSS clamp, presumably to absorb GRE + ESP overhead on the path -- confirm
! against the actual PPPoE/Dialer0 MTU.
 ip tcp adjust-mss 1420
 tunnel source Dialer0
 tunnel destination 116.203.229.50

! IKEv1 phase-1 policy for the 3DES/MD5 variant. 3DES, MD5 and DH group 5
! are legacy choices kept only to match racoon's "remote anonymous" proposal
! below (encryption_algorithm 3des / hash_algorithm md5 / dh_group 5);
! prefer stronger algorithms when both ends support them.
crypto isakmp policy 20
 encr 3des
 hash md5
 authentication pre-share
 group 5
! Phase-1 lifetime of 120 seconds. The racoon side asks for 1 hour but
! uses proposal_check obey, so if this router initiates, the 120 s value
! is what gets used and the ISAKMP SA rekeys every two minutes -- confirm
! this is intended rather than a test-time leftover.
 lifetime 120

! Pre-shared key for peer 116.203.229.50. "key 6" marks it as a type-6
! (locally encrypted) key, so the value shown is the obfuscated running-config
! form, not the plaintext. The plaintext must match the entry for the two
! peer addresses in racoon's psk.txt (path given in racoon.conf below).
crypto isakmp key 6 RKZK`SeJfWSC`iGTHUSQGfQW\UcTg`AAB address 116.203.229.50

! Phase-2 (IPsec SA) proposal: ESP with 3DES and HMAC-MD5. Transport mode
! is used because the payload is already a GRE tunnel between the two
! public addresses; this must match racoon's "sainfo anonymous" block.
crypto ipsec transform-set TS-01 esp-3des esp-md5-hmac 
 mode transport

! Crypto map entry 10: encrypt traffic matching IPSEC-01 to the FreeBSD
! peer with TS-01. No "set pfs" is present, so PFS is not requested for
! phase 2 here -- note that racoon's sainfo sets pfs_group 5 (see below).
crypto map CM-01 10 ipsec-isakmp 
 set peer 116.203.229.50
 set transform-set TS-01 
 match address IPSEC-01


! Crypto ACL: selects only GRE between the router's public address
! (78.36.201.239) and the FreeBSD host (116.203.229.50) for protection.
! Mirrors the two setkey spdadd lines on the FreeBSD side.
ip access-list extended IPSEC-01
 permit gre host 78.36.201.239 host 116.203.229.50
 permit gre host 116.203.229.50 host 78.36.201.239

! Apply the crypto map on the WAN (Dialer0) interface, which is also the
! GRE tunnel source, so the GRE packets are encrypted on egress.
interface Dialer0

 crypto map CM-01
end
# setkey(8) security-policy entries for the FreeBSD side (116.203.229.50).
# "require" means GRE between the two public addresses is dropped unless
# it is carried in ESP transport mode; everything else is left alone.
# These mirror Cisco access-list IPSEC-01.
spdflush;
# outbound: this host -> Cisco router (78.36.201.239)
spdadd 116.203.229.50/32 78.36.201.239/32  gre -P out ipsec esp/transport//require;
# inbound: Cisco router -> this host
spdadd 78.36.201.239/32 116.203.229.50/32 gre -P in ipsec esp/transport//require;
# racoon.conf for the 3DES/MD5 variant.
# Pre-shared keys are looked up by peer address in this file; it holds
# plaintext secrets, so keep it readable by root only.
path pre_shared_key  "/usr/local/etc/racoon/psk.txt";
# debug2 is the most verbose level and can write negotiation payloads to
# the log; lower it (e.g. notify) once the tunnel is known to work.
log debug2;

# ISAKMP padding behaviour. randomize/exclusive_tail off are presumably set
# for interoperability with IOS -- confirm; they do not affect the SA's
# cryptographic strength.
padding {
  maximum_length 20;
  randomize off;
  strict_check off;
  exclusive_tail off;
}

# Phase-1 settings for any peer ("anonymous"). Since authentication is by
# pre-shared key, only peers with an entry in psk.txt can complete phase 1;
# naming the Cisco address instead of "anonymous" would narrow this further.
remote anonymous {
    doi ipsec_doi;
    situation identity_only;
    # main mode: identities are exchanged only after the DH secret is
    # established, unlike the aggressive-mode variant further down.
    exchange_mode main;
    # 1 hour requested, but proposal_check obey accepts the initiator's
    # value, so the Cisco policy's "lifetime 120" wins when IOS initiates.
    lifetime time 1 hour;
    proposal_check obey;
    # Must match "crypto isakmp policy 20" on the router.
    proposal {
        encryption_algorithm 3des;      
        hash_algorithm md5;             
        authentication_method pre_shared_key;
        dh_group 5;                     
    }
}

# Phase-2 (IPsec SA) parameters; must match transform-set TS-01 on the router.
sainfo anonymous {
    # Cisco crypto map CM-01 has no "set pfs", so it will not offer PFS;
    # confirm the router side actually negotiates group 5 here, or this
    # line may need to go for the quick-mode exchange to succeed.
    pfs_group 5;                         
    lifetime time 1 hour;
    encryption_algorithm 3des;           
    authentication_algorithm hmac_md5;   
    # Only relevant if IPComp is negotiated; the IOS side configures none.
    compression_algorithm deflate;
}

Variant 2: AES-256 and SHA-1

! IKEv1 phase-1 policy for the AES-256/SHA-1 variant. "hash sha" is SHA-1.
! No lifetime is given, so the IOS default applies (longer than the 1 hour
! racoon requests). DH group 1 (768-bit MODP) is far weaker than the AES-256
! cipher it protects; it is used here only because racoon's proposal below
! says dh_group 1 -- raise both sides together when possible.
crypto isakmp policy 30
 encr aes 256
 hash sha
 authentication pre-share
 group 1

! Same type-6 (locally encrypted) pre-shared key and peer as in variant 1;
! the value is the obfuscated running-config form, not the plaintext.
crypto isakmp key 6 RKZK`SeJfWSC`iGTHUSQGfQW\UcTg`AAB address 116.203.229.50
! Dead-peer detection every 10 s so a stale SA is torn down promptly.
crypto isakmp keepalive 10

! Phase-2 proposal: ESP with AES-256 and HMAC-SHA-1, transport mode, to
! match racoon's "sainfo anonymous" below.
crypto ipsec transform-set TS-02 esp-aes 256 esp-sha-hmac 
 mode transport

! Reuses crypto map CM-01 sequence 10, so applying this REPLACES the TS-01
! entry from variant 1 -- the two variants are alternatives, not a merge.
! Still no "set pfs" here (see the pfs_group note on the racoon side).
crypto map CM-01 10 ipsec-isakmp 
 set peer 116.203.229.50
 set transform-set TS-02 
 match address IPSEC-01
! The next line is the "interface Dialer0" sub-command from variant 1; the
! "interface Dialer0" header itself appears to have been dropped when this
! listing was pasted -- it is needed for the crypto map to take effect.
 crypto map CM-01
# racoon.conf for the AES-256/SHA-1 variant.
# Pre-shared keys are looked up by peer address in this file; it holds
# plaintext secrets, so keep it readable by root only.
path pre_shared_key  "/usr/local/etc/racoon/psk.txt";
# debug2 is the most verbose level and can write negotiation payloads to
# the log; lower it once the tunnel is known to work.
log debug2;
 
# ISAKMP padding behaviour, identical to variant 1; presumably chosen for
# IOS interoperability -- confirm.
padding {
  maximum_length 20;
  randomize off;
  strict_check off;
  exclusive_tail off;
}
 
# Phase-1 settings for any peer ("anonymous"), pre-shared-key authenticated.
remote anonymous {
    # Aggressive mode sends the identity and the PSK-derived hash before the
    # channel is encrypted, so the PSK is exposed to offline guessing by
    # anyone who can capture the exchange; main mode (as in variant 1) avoids
    # this. Also, IOS initiates main mode by default for PSK peers, so if the
    # router initiates, this "aggressive"-only setting may not match -- confirm.
    exchange_mode aggressive;
    # No proposal_check is set here, so racoon's default check applies to the
    # router's (default, longer) phase-1 lifetime -- verify the negotiation log.
    lifetime time 1 hour;
    # Must match "crypto isakmp policy 30" on the router.
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        # 768-bit MODP; the weakest element of this proposal.
        dh_group 1;
    }
}
 
# Phase-2 parameters; must match transform-set TS-02 on the router.
sainfo anonymous {
    # As in variant 1, the Cisco crypto map has no "set pfs"; confirm the
    # router offers PFS group 5 or this line may break quick mode.
    pfs_group 5;
     lifetime time 1 hour;
    encryption_algorithm aes 256;
    authentication_algorithm hmac_sha1;
    # Only relevant if IPComp is negotiated; the IOS side configures none.
    compression_algorithm deflate;
}