User Tools

Site Tools

This is an old revision of the document!

crypto keyring CISICO 

crypto isakmp policy 30
 encr aes 256
 hash sha
 authentication pre-share
 group 1

crypto isakmp key 6 S[h]AH][Hcb\`aYPgB]HbY\^_ViYUOAAB address

crypto isakmp keepalive 10

crypto ipsec transform-set TS-02 esp-aes 256 esp-sha-hmac 
 mode transport

crypto ipsec profile IPPRO-01
 set security-association lifetime seconds 86400
 set transform-set TS-02 

interface Tunnel7
 description CISICO--V7
 ip address
 ip tcp adjust-mss 1420
 tunnel source Dialer0
 tunnel destination
 tunnel protection ipsec profile IPPRO-01
path pre_shared_key  "/usr/local/etc/racoon/psk.txt";
log debug;
padding {
  maximum_length 20;
  randomize off;
  strict_check off;
  exclusive_tail off;
remote anonymous {
    exchange_mode aggressive, main;
    lifetime time 1 hour;
    proposal {
        encryption_algorithm aes 256;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 1;
sainfo anonymous {
    pfs_group 1;
    lifetime time 1 hour;
    encryption_algorithm aes 256;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
spdadd gre -P out ipsec esp/transport//require;
spdadd gre -P in ipsec esp/transport//require;