 From:  "Josh McAllister" <josh at bluehornet dot com>
 To:  "Chris Nottingham" <chris at thewebgeek dot com>, "Elijah Savage" <esavage at digitalrage dot org>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0 to cisco point to point ipsec
 Date:  Mon, 7 Mar 2005 07:41:17 -0800
You should use whatever you already have... according to the logs in
your original post, phase1 succeeded.

Josh McAllister

> -----Original Message-----
> From: Chris Nottingham [mailto:chris at thewebgeek dot com]
> Sent: Sunday, March 06, 2005 4:46 PM
> To: Elijah Savage; m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] m0n0 to cisco point to point ipsec
> 
> Elijah,
> 
> Thank you for the config.  I have just a couple questions to clarify the
> whole config. I would set my m0n0 for 3DES/MD5 for phase 1 with
> pre-shared secret, and phase 2 would be ESP with 3DES/MD5?  What would I
> use for the DH group for phase 1 with this config?
> 
> Thanks,
> Chris
> 
> ----------------------------------------------------------------------------
> 
> This will get you started. He will need to put in the appropriate
> access-list 120 to send across the tunnel; if he is a Cisco guy he will
> understand this.
> 
> crypto isakmp policy 11
>  encr 3des
>  hash md5
>  authentication pre-share
> crypto isakmp key XXX address X.X.X.X no-xauth
> 
> 
> crypto ipsec transform-set myset esp-3des esp-md5-hmac
> 
> crypto map clientmap 1 ipsec-isakmp
>  set peer X.X.X.X
>  set transform-set myset
>  match address 120
> 
> Int s0/0
>  crypto map clientmap
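
Added example (not part of the original thread, and not code from either poster): a Python sketch that reads the Cisco crypto config quoted above, fills any unset ISAKMP policy field with the classic IOS default (an assumption: DES, SHA, rsa-sig, DH group 1, lifetime 86400), and lists the phase 1 fields where the other end's proposal differs. The peer dictionary and its key names are hypothetical and are not m0n0wall's own field names.

```python
# Cisco side as posted in the thread (key and peer address are masked there too).
CISCO_CONFIG = """\
crypto isakmp policy 11
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key XXX address X.X.X.X no-xauth
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map clientmap 1 ipsec-isakmp
 set peer X.X.X.X
 set transform-set myset
 match address 120
"""

# Assumption: classic IOS fills unset ISAKMP policy fields with these defaults.
IOS_ISAKMP_DEFAULTS = {"encr": "des", "hash": "sha", "authentication": "rsa-sig",
                       "group": "1", "lifetime": "86400"}


def parse_cisco(config):
    """Return (phase1, phase2) settings implied by the crypto config text."""
    phase1, phase2, in_policy = dict(IOS_ISAKMP_DEFAULTS), {}, False
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):
            # A top-level command opens or closes the ISAKMP policy sub-mode.
            in_policy = words[:3] == ["crypto", "isakmp", "policy"]
            if words[:3] == ["crypto", "ipsec", "transform-set"]:
                phase2 = {"name": words[3], "transforms": sorted(words[4:])}
        elif in_policy and len(words) >= 2:
            # "encr" and "encryption" are the same IOS keyword.
            key = "encr" if words[0].startswith("encr") else words[0]
            phase1[key] = words[1]
    return phase1, phase2


def mismatches(cisco_phase1, peer_phase1):
    """List phase 1 fields where the peer's proposal differs from the Cisco policy."""
    return sorted(k for k, v in peer_phase1.items() if cisco_phase1.get(k) != v)


if __name__ == "__main__":
    p1, p2 = parse_cisco(CISCO_CONFIG)
    # Hypothetical settings for the other tunnel endpoint (constructed sample).
    peer = {"encr": "3des", "hash": "md5", "authentication": "pre-share", "group": "2"}
    print("phase 1:", p1)
    print("phase 2:", p2)
    print("phase 1 mismatches:", mismatches(p1, peer))
```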