 From:  Zach Lowry <zach at zachlowry dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Connection to Cisco 3000
 Date:  Sat, 11 Mar 2006 13:57:32 -0600

Has anyone successfully set up a LAN-to-LAN between a m0n0wall and a  
Cisco 3000 VPN Concentrator? If so, any tips for someone trying to do  
it now? Here is how it errors currently:

Mar 10 19:43:40 racoon: INFO: IPsec-SA request for 66.45.14.11 queued due to no phase1 found.
Mar 10 19:43:40 racoon: INFO: initiate new phase 1 negotiation: 65.1.96.131[500]<=>66.45.14.11[500]
Mar 10 19:43:40 racoon: INFO: begin Identity Protection mode.
Mar 10 19:43:41 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Mar 10 19:43:42 racoon: INFO: received Vendor ID: CISCO-UNITY
Mar 10 19:43:42 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Mar 10 19:43:43 racoon: INFO: received Vendor ID: DPD
Mar 10 19:43:43 racoon: INFO: ISAKMP-SA established 65.1.96.131[500]-66.45.14.11[500] spi:9bddf8079f35cb41:67857737b5d650ce
Mar 10 19:43:44 racoon: INFO: initiate new phase 2 negotiation: 65.1.96.131[0]<=>66.45.14.11[0]
Mar 10 19:43:45 racoon: INFO: purging ISAKMP-SA spi=9bddf8079f35cb41:67857737b5d650ce.
Mar 10 19:43:45 racoon: INFO: purged IPsec-SA spi=159537462.
Mar 10 19:43:45 racoon: INFO: purged ISAKMP-SA spi=9bddf8079f35cb41:67857737b5d650ce.
Mar 10 19:43:46 racoon: INFO: ISAKMP-SA deleted 65.1.96.131[500]-66.45.14.11[500] spi:9bddf8079f35cb41:67857737b5d650ce

And my settings are as follows. On the m0n0 box:
Phase 1
Negotiation Mode: Main
My Identifier: My IP Address
Encryption Algorithm: 3DES
Hash Algorithm: MD5
DH Key Group: 2
Lifetime: 86400
Auth Method: Pre-Shared Key

Phase 2
Protocol: ESP
Encryption: 3DES
Hash: MD5
PFS Key Group: 2
Lifetime: 86400

And on the Cisco:
Connection Type: Answer Only
Authentication: ESP/MD5/HMAC-128
Encryption: 3DES-168
IKE Proposal: IKE-3DES-MD5

Seems like this should work for me. Anyone have any ideas?

--
Zach Lowry
MTSU, Murfreesboro, TN
zach at zachlowry dot net

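An added example, not part of the original message: a Python walk over the racoon lines quoted above that reports which IKE stage was the last to be logged for a given peer, so the stalled stage is read off the log rather than guessed. The function names are hypothetical, the sample log is rebuilt from the post, and the "IPsec-SA established" marker is racoon's message for a completed phase 2, which does not appear in the post's log.

```python
import re

# Constructed sample: racoon lines taken from the post above, one entry per line.
SAMPLE_LOG = """\
Mar 10 19:43:40 racoon: INFO: initiate new phase 1 negotiation: 65.1.96.131[500]<=>66.45.14.11[500]
Mar 10 19:43:43 racoon: INFO: ISAKMP-SA established 65.1.96.131[500]-66.45.14.11[500] spi:9bddf8079f35cb41:67857737b5d650ce
Mar 10 19:43:44 racoon: INFO: initiate new phase 2 negotiation: 65.1.96.131[0]<=>66.45.14.11[0]
Mar 10 19:43:45 racoon: INFO: purging ISAKMP-SA spi=9bddf8079f35cb41:67857737b5d650ce.
Mar 10 19:43:46 racoon: INFO: ISAKMP-SA deleted 65.1.96.131[500]-66.45.14.11[500] spi:9bddf8079f35cb41:67857737b5d650ce
"""

# Stage markers as racoon logs them. "IPsec-SA established" is what a completed
# phase 2 logs; it is absent from the post's log (assumption: stock racoon wording).
MARKERS = [
    ("phase1_started", "initiate new phase 1 negotiation"),
    ("phase1_established", "ISAKMP-SA established"),
    ("phase2_started", "initiate new phase 2 negotiation"),
    ("phase2_established", "IPsec-SA established"),
    ("phase1_deleted", "ISAKMP-SA deleted"),
]

def stages_for_peer(log_text, peer):
    """Return the ordered stages of the most recent negotiation with `peer`."""
    # Match the peer address exactly, not as part of a longer address.
    mentions_peer = re.compile(rf"(?<![\d.]){re.escape(peer)}(?![\d.])")
    stages = []
    for line in log_text.splitlines():
        if not mentions_peer.search(line):
            continue
        for stage, marker in MARKERS:
            if marker in line:
                if stage == "phase1_started":
                    stages = []  # a new attempt supersedes earlier ones
                stages.append(stage)
    return stages

def stalled_at(stages):
    """Name the first stage that was expected but never logged."""
    if "phase2_established" in stages:
        return "none: IPsec SA established"
    if "phase2_started" in stages:
        return "phase 2: started, IPsec SA never established"
    if "phase1_established" in stages:
        return "phase 2: never started"
    if "phase1_started" in stages:
        return "phase 1: started, ISAKMP SA never established"
    return "no negotiation with this peer in the log"

if __name__ == "__main__":
    print(stalled_at(stages_for_peer(SAMPLE_LOG, "66.45.14.11")))
```

Run against the log in the post, it reports that phase 1 completed and the negotiation stopped inside phase 2, which points the comparison at the Phase 2 block of each side's settings.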