23 Jan 2007, 11:57


IPSec, racoon and Cisco PIX

While making an IPSec connection from a Debian Etch machine to a Cisco PIX, I had a lot of help from these pages:

In memoriam ericius

PIX IPSec VPN to FreeBSD (yes, it’s the same racoon as Debian uses, so it works the same)

Important parts to know:

  • Racoon really doesn’t want to receive an FQDN when it’s trying to create a connection with a shared key. Make sure the Cisco has the line isakmp identity address in its config.
  • Don’t forget to set your DH and PFS group numbers to the same values as on the Cisco.
  • It’s probably somewhere in the man page, but I couldn’t find it right away: if you want to use AES-256, you can simply set this with encryption_algorithm aes 256; in the racoon config. Default is AES-128.
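
The three points above, put together in a racoon.conf fragment. This is an added example, not the configuration from the original setup. Assumptions: all addresses and networks are documentation placeholders, group 2 and SHA-1 stand in for whatever the PIX is actually configured with, and the matching SPD entries in /etc/ipsec-tools.conf already exist.

```conf
# Constructed example. Placeholders: 198.51.100.1 = PIX outside address,
# 192.0.2.10 = the Debian host, 192.0.2.0/24 and 203.0.113.0/24 = the
# local and remote networks.
path pre_shared_key "/etc/racoon/psk.txt";   # one line per peer: <peer address> <shared key>

remote 198.51.100.1 {
        exchange_mode main;

        # Identify both ends by IP address. The PIX needs
        # "isakmp identity address" so that it does not send its FQDN.
        my_identifier address 192.0.2.10;
        peers_identifier address 198.51.100.1;

        proposal {
                encryption_algorithm aes 256;   # plain "aes" gives AES-128
                hash_algorithm sha1;            # assumed; use the PIX policy's hash
                authentication_method pre_shared_key;
                dh_group 2;                     # assumed; must equal the PIX isakmp policy group
        }
}

sainfo address 192.0.2.0/24 any address 203.0.113.0/24 any {
        pfs_group 2;                            # assumed; must equal the PFS group on the PIX crypto map
        encryption_algorithm aes 256;
        authentication_algorithm hmac_sha1;     # assumed; use the PIX transform set's hash
        compression_algorithm deflate;
}
```

Keep /etc/racoon/psk.txt readable by root only (mode 600); racoon refuses a key file with looser permissions.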

I’m glad I got this working correctly :)

 
 