23 Jan 2007, 11:57


IPSec, racoon and Cisco PIX

While making an IPSec connection from a Debian Etch machine to a Cisco PIX, I had a lot of help from these pages:

In memoriam ericius

PIX IPSec VPN to FreeBSD (yes, it’s the same racoon as Debian uses, so it works the same)

Important parts to know:

  • Racoon really doesn’t want to receive an FQDN when it’s trying to create a connection with a shared key. Make sure the Cisco has the line isakmp identity address in its config.
  • Don’t forget to set your DH and PFS group numbers to the same values as on the Cisco.
  • It’s probably somewhere in the man page, but I couldn’t find it right away: if you want to use AES-256, you can simply set this with encryption_algorithm aes 256; in the Racoon config. Default is AES-128.

I’m glad I got this working correctly :)
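The three points above combined into one racoon.conf fragment, with the PIX line each setting has to match noted in comments. This is an added example, not the configuration from the original post: the addresses are documentation placeholders, and DH/PFS group 2, SHA-1, the PSK file path, the PIX policy number and the names MYMAP and MYSET are assumptions.

```conf
# /etc/racoon/racoon.conf (fragment, constructed example)
path pre_shared_key "/etc/racoon/psk.txt";   # assumed path; file must be mode 0600

# Phase 1 (ISAKMP) towards the PIX outside address (placeholder)
remote 192.0.2.1 {
        exchange_mode main;

        # Identify by IP address. With a pre-shared key the secret is looked up
        # by peer address, so the PIX must not send an FQDN identity.
        # PIX side: isakmp identity address
        my_identifier address;

        proposal {
                # Key length follows the algorithm name; without it AES is 128-bit.
                # PIX side: isakmp policy 10 encryption aes-256
                encryption_algorithm aes 256;

                # PIX side: isakmp policy 10 hash sha
                hash_algorithm sha1;

                # PIX side: isakmp policy 10 authentication pre-share
                authentication_method pre_shared_key;

                # DH group must equal the PIX policy group.
                # PIX side: isakmp policy 10 group 2
                dh_group 2;
        }
}

# Phase 2 (IPsec SA) between the two protected networks (placeholders)
sainfo address 198.51.100.0/24 any address 203.0.113.0/24 any {
        # PFS group must equal the PIX crypto map setting.
        # PIX side: crypto map MYMAP 10 set pfs group2
        pfs_group 2;

        # PIX side: crypto ipsec transform-set MYSET esp-aes-256 esp-sha-hmac
        encryption_algorithm aes 256;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
```

A mismatch in any of the commented pairs shows up as a failed proposal negotiation, so compare both sides line by line before looking elsewhere.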

 
 