Hi, On Fri, 26.01.2007 at 20:28:54 -0000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Any chance you can post an example of how to set it up to work with a > cisco VPN concentrator. > I'd really appreciate that.
the setup here is very much along the lines of the "East-West" example in the provided templates. We're using static IP addresses for this. The only special thing is the cipher selection: [ToCisco-main-mode] DOI= IPSEC EXCHANGE_TYPE= ID_PROT Transforms= AES-SHA-GRP5 [AES-SHA-GRP5] KEY_LENGTH= 256,256:256 GROUP_DESCRIPTION= MODP_1536 [ToCisco-quick-mode] DOI= IPSEC EXCHANGE_TYPE= QUICK_MODE Suites= QM-ESP-AES-SHA-256-PFS-GRP5-SUITE [ToCisco-phase-2-lifetime] LIFE_TYPE= SECONDS LIFE_DURATION= 28800,3600:38800 But this is for 4.0 now, and you probably won't have much luck with less than 3.9. I don't know how to set up the Cisco side (afair a VPN3000 or so), however - I don't have/control that... Best, --Toni++
