[linux] OpenSwan IPSEC connection to a Cisco concentrator
Juraj Variny
rini17 at gmail.com
Fri Feb 27 16:25:19 CET 2009
This is the table of parameters I was given:
ISAKMP:
D-H group: 2
encryption: 3DES
hash SHA1
lifetime: 64800
IPSEC:
proto: ESP
encryption: 3DES
lifetime: 3600
hash: SHA-1
pfs: DH Group 2
compression: no
My ipsec.conf:

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    interfaces=%defaultroute
    klipsdebug=all
    plutodebug=all
    nat_traversal=yes
    uniqueids=yes
    # with port floating enabled it fails much sooner
    plutoopts=--disable_port_floating

# connection
conn openswan-cisco
    # Left security gateway, subnet behind it, next hop toward right.
    # my address facing the internet
    left=10.0.0.112
    leftid=<<our public IP>>
    # LAN
    leftsubnet=172.17.4.0/24
    # Right security gateway, subnet behind it, next hop toward left.
    right=<<remote public IP>>
    rightsubnet=10.x.y.0/24
    # I tried setting ike and esp, but it has no effect
    #ike=3des-sha1-modp1024
    #esp= 3des-sha1
    keyexchange= ike
    pfs= yes
    auto=start
    authby=secret

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Juraj
On 26 February 2009 13:46, Michal Kadlic <michal at spinet.sk> wrote:
> Juraj Variny wrote:
>> The IKE phase - authentication - completes fine, but the Cisco keeps
>> answering NO_PROPOSAL_CHOSEN when trying to establish the ESP tunnel.
>
> No proposal chosen looks to me more like a problem with the encryption
> configured in phase 2. Do you have that set up correctly?
>
> Otherwise, post the configuration file.
> Mike
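
Added example, not part of the original thread and not Openswan code: a small Python check that compares the conn section posted above with the peer's parameter table and reports which proposal options are pinned, which differ, and which are commented out and so left to the daemon's defaults. The dictionary layout, the function names and the trimmed sample config are assumptions made for the illustration.

```python
# Constructed sample: the peer's parameter table from the post, as a dict.
PEER = {"ike_enc": "3des", "ike_hash": "sha1", "dh_group": 2,
        "esp_enc": "3des", "esp_hash": "sha1", "pfs": True}

# Constructed sample: the posted conn section, trimmed to the relevant lines.
CONF = """\
config setup
    nat_traversal=yes
conn openswan-cisco
    left=10.0.0.112
    #ike=3des-sha1-modp1024
    #esp= 3des-sha1
    keyexchange= ike
    pfs= yes
    auto=start
"""

# IKE Diffie-Hellman group numbers and their MODP names (RFC 2409 / RFC 3526).
DH_NAMES = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"}

def parse_conn(text, name):
    """Return the active key=value options of 'conn <name>'; comments are skipped."""
    opts, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a new section
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip().lower()
    return opts

def expected(peer):
    """Option values that would pin the proposals to the peer's table."""
    return {"ike": f"{peer['ike_enc']}-{peer['ike_hash']}-{DH_NAMES[peer['dh_group']]}",
            "esp": f"{peer['esp_enc']}-{peer['esp_hash']}",
            "pfs": "yes" if peer["pfs"] else "no"}

def audit(text, name, peer):
    """Map each option to 'match', 'mismatch' or 'unset' (left to the daemon's defaults)."""
    opts = parse_conn(text, name)
    return {k: "unset" if k not in opts else "match" if opts[k] == v else "mismatch"
            for k, v in expected(peer).items()}

if __name__ == "__main__":
    for option, status in audit(CONF, "openswan-cisco", PEER).items():
        print(f"{option:4} {status}")
```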