Upon further reading, I think the following would be adequate for
implementing this ipsec setup, but I'm not sure about the opposite side.

conn office  # we'll assume left is DCD
        left=public.ip.address.
        leftsubnet=192.168.1.0/24
        leftnexthop=public.ip.address.1
        leftrsasigkey= <key>
        leftfirewall=yes
        right=204.235.103.2
        rightsubnet=204.235.101.0/24
        rightnexthop=204.235.103.1
        rightrsasigkey= <key>
        rightfirewall=no
        auto=add

I think this should work; you might check the right subnet and right hop
statements for a valid IP and IP range.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:leaf-user-admin@lists.sourceforge.net] On Behalf Of Michael D.
Schleif
Sent: Wednesday, November 06, 2002 3:30 PM
To: LEAF
Subject: [leaf-user] ipsec connect to this?


Received following set of requirements for one of our DCD's to connect
to a remote non-DCD site:

        ISAKMP Policy:
        Encryption: 3DES
        Hash: MD5
        Authentication: pre shared keys
        Diffie-Hellman group 1 or 2

        Use the following key: ------------
        IPSec GW Address: 204.235.103.2

        Destination Network: 204.235.101.128 255.255.255.240

        IPSec Policy
        ESP Transform: 3DES
        ESP Authentication Transform: md5-hmac

        IPSec mode is transport. Please be sure to apply NAT *BEFORE* IPSec.
Private Addresses leaked onto the network will be rejected.

We have not set up ipsec to non-DCD before.

Is this doable?

Is the above information adequate?

Is there anything unusual to this setup?

--

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we
think we know.  The more I know, the more I know I don't know . . .


-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
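
The check suggested in the reply (compare the right subnet with what the remote site asked for) can be scripted. The following is an added example, not part of either message: it parses the conn block and compares it with the remote site's stated destination network (204.235.101.128 255.255.255.240) and authentication method. The function names and the placeholder left-side addresses in the sample are assumptions.

```python
import ipaddress

# Constructed input: the conn block from the reply, placeholder addresses kept.
CONN = """\
conn office  # we'll assume left is DCD
        left=public.ip.address
        leftsubnet=192.168.1.0/24
        leftnexthop=public.ip.address.1
        leftrsasigkey=<key>
        right=204.235.103.2
        rightsubnet=204.235.101.0/24
        rightnexthop=204.235.103.1
        rightrsasigkey=<key>
"""
# Destination network copied from the remote site's requirements (address + mask).
PEER_NET = "204.235.101.128/255.255.255.240"

def parse_conn(text):
    """Return the key=value settings of one conn section as a dict."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def check(conn, peer_net=PEER_NET, peer_uses_psk=True):
    """Return a list of findings; an empty list means no mismatch was found."""
    findings = []
    for key in ("left", "leftnexthop", "right", "rightnexthop"):
        try:
            ipaddress.ip_address(conn.get(key, ""))
        except ValueError:
            findings.append(f"{key}: not a valid IP address")
    want = ipaddress.ip_network(peer_net)      # netmask form becomes /28
    try:
        have = ipaddress.ip_network(conn.get("rightsubnet", ""))
    except ValueError:
        have = None
    if have != want:
        findings.append(f"rightsubnet: {have} does not match peer network {want}")
    if peer_uses_psk and any(k.endswith("rsasigkey") for k in conn):
        findings.append("auth: peer asks for pre-shared keys, conn sets rsasigkey")
    return findings

if __name__ == "__main__":
    print("\n".join(check(parse_conn(CONN))))
```
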


