 From:  "Elijah Savage" <esavage at digitalrage dot org>
 To:  "Chris Nottingham" <chris at thewebgeek dot com>, "Josh McAllister" <josh at bluehornet dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0 to cisco point to point ipsec
 Date:  Fri, 4 Mar 2005 22:32:35 -0500
> 
> Thanks in advance,
> Chris
> 
> racoon: ERROR: pfkey.c:804:pfkey_timeover(): xxx.xxx.xxx.xxx give up to
> get IPsec-SA due to time up to wait.
> racoon: ERROR: isakmp_inf.c:840:isakmp_info_recv_n(): unknown notify 
> message, no phase2 handle found.
> racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2
> negotiation: xxx.xxx.xxx.xxx[0]<=>xxx.xxx.xxx.xxx[0]
> racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established
> xxx.xxx.xxx.xxx[500]-xxx.xxx.xxx.xxx[500] spi:blahblahblah
> racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Identity 
> Protection mode.
> racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1
> negotiation: xxx.xxx.xxx.xxx[500]<=>xxx.xxx.xxx.xxx[500]
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

This will get you started. He will need to put in the appropriate
access-list 120 to send across the tunnel; if he is a Cisco guy he will
understand this.

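! Phase 1 (ISAKMP) policy and pre-shared key for the peer
crypto isakmp policy 11
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key XXX address X.X.X.X no-xauth

! Phase 2 (IPsec) transform set
crypto ipsec transform-set myset esp-3des esp-md5-hmac

! Crypto map: peer, transform set, and the ACL selecting tunnel traffic
crypto map clientmap 1 ipsec-isakmp
 set peer X.X.X.X
 set transform-set myset
 match address 120

! Apply the crypto map to the outside interface
interface Serial0/0
 crypto map clientmap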
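
Added example, not part of the original message: a short Python triage of the racoon log quoted in this thread, showing which phase the negotiation stopped in and which parts of the Cisco configuration to compare with the m0n0wall side. The sample lines are constructed from the quoted log with documentation-range placeholder addresses; the event names and diagnosis strings are this example's own assumptions.

```python
import re

# Constructed sample modelled on the racoon messages quoted in the thread,
# newest entry first; addresses are documentation-range placeholders.
SAMPLE_LOG = """\
racoon: ERROR: pfkey.c:804:pfkey_timeover(): 192.0.2.1 give up to get IPsec-SA due to time up to wait.
racoon: ERROR: isakmp_inf.c:840:isakmp_info_recv_n(): unknown notify message, no phase2 handle found.
racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 198.51.100.1[0]<=>192.0.2.1[0]
racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established 198.51.100.1[500]-192.0.2.1[500] spi:blahblahblah
racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Identity Protection mode.
racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 198.51.100.1[500]<=>192.0.2.1[500]
"""

# Message substrings mapped to negotiation events (event names are assumed).
PATTERNS = [
    ("initiate new phase 1 negotiation", "ph1_start"),
    ("ISAKMP-SA established", "ph1_up"),
    ("initiate new phase 2 negotiation", "ph2_start"),
    ("notify message", "peer_notify"),
    ("give up to get IPsec-SA", "ph2_timeout"),
    ("IPsec-SA established", "ph2_up"),
]
LINE_RE = re.compile(r"racoon: (?:INFO|ERROR|WARNING): \S+\(\): (.*)")

def parse_events(log, newest_first=True):
    """Return negotiation events in chronological order."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        for needle, event in PATTERNS:
            if needle in m.group(1):
                events.append(event)
                break
    return events[::-1] if newest_first else events

def diagnose(events):
    """Name the phase where negotiation stopped and what to compare."""
    if "ph2_up" in events:
        return "tunnel up"
    if "ph1_up" in events and "ph2_timeout" in events:
        return "phase 2 failed: compare transform-set, PFS and access-list 120 with the peer"
    if "ph1_start" in events and "ph1_up" not in events:
        return "phase 1 failed: compare isakmp policy and pre-shared key with the peer"
    return "inconclusive"

if __name__ == "__main__":
    print(diagnose(parse_events(SAMPLE_LOG)))
```

For the quoted log this reports a phase 2 failure: the ISAKMP-SA came up, so the pre-shared key and phase 1 policy already agree, and the remaining items to check are the transform set, PFS setting and the networks in access-list 120.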