 From:  "Elijah Savage" <esavage at digitalrage dot org>
 To:  "Chris Nottingham" <chris at thewebgeek dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] m0n0 to cisco point to point ipsec
 Date:  Mon, 7 Mar 2005 18:51:56 -0500
Let me know if you got it working. 

-----Original Message-----
From: Chris Nottingham [mailto:chris at thewebgeek dot com] 
Sent: Sunday, March 06, 2005 6:46 PM
To: Elijah Savage; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] m0n0 to cisco point to point ipsec


Thank you for the config.  I have just a couple questions to clarify the
whole config. I would set my m0n0 for 3DES/MD5 for phase 1 with
pre-shared secret, and phase 2 would be ESP with 3DES/MD5?  What would I
use for the DH group for phase 1 with this config?



This will get you started. He will need to put in the appropriate
access-list 120 to send across the tunnel; if he is a Cisco guy he will
understand this.

crypto isakmp policy 11
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key XXX address X.X.X.X no-xauth

crypto ipsec transform-set myset esp-3des esp-md5-hmac 

crypto map clientmap 1 ipsec-isakmp
 set peer X.X.X.X
 set transform-set myset
 match address 120

Int s0/0
 crypto map clientmap
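
Added example (not part of the original messages): a short Python sketch that reads the IOS fragment above and lists the phase 1 and phase 2 parameters the m0n0wall side has to match, marking the ones the policy leaves to IOS defaults, such as the DH group. The default table (DES, SHA, RSA signatures, group 1, 86400 s) is an assumption about the IOS release in use and should be confirmed with `show crypto isakmp policy`; the function names are hypothetical.

```python
import re

# Constructed sample: the IOS fragment from the message above, placeholders kept.
IOS_CONFIG = """\
crypto isakmp policy 11
 encr 3des
 hash md5
 authentication pre-share
crypto isakmp key XXX address X.X.X.X no-xauth
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map clientmap 1 ipsec-isakmp
 set peer X.X.X.X
 set transform-set myset
 match address 120
"""

# Assumption: values IOS applies when a policy omits the line.
IOS_DEFAULTS = {"encr": "des", "hash": "sha", "authentication": "rsa-sig",
                "group": "1", "lifetime": "86400"}

def phase1_policies(config):
    """Return {policy_number: settings}, omitted lines filled from defaults."""
    policies, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto isakmp policy (\d+)\s*$", line)
        if m:
            current = {"explicit": set(), **IOS_DEFAULTS}
            policies[int(m.group(1))] = current
        elif current is not None and line[:1] == " " and line.strip():
            parts = line.split()
            # "encr" is the abbreviated form of "encryption"
            key = "encr" if parts[0].startswith("encr") else parts[0]
            if key in IOS_DEFAULTS and len(parts) > 1:
                current[key] = " ".join(parts[1:])
                current["explicit"].add(key)
        else:
            current = None  # left the policy sub-mode
    return policies

def phase2_transforms(config):
    """Return {transform_set_name: [transforms]} for the phase 2 proposal."""
    found = re.findall(r"^crypto ipsec transform-set (\S+) (.+)$", config, re.M)
    return {name: rest.split() for name, rest in found}

def peer_must_match(config, number):
    """Phase 1 values for the peer, each tagged explicit or IOS default."""
    p = phase1_policies(config)[number]
    return {k: (v, "explicit" if k in p["explicit"] else "IOS default")
            for k, v in p.items() if k != "explicit"}
```

For policy 11 this reports 3DES, MD5 and pre-shared key as explicit, and the DH group and lifetime as values taken from the assumed defaults, which are the two settings the quoted config never states.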