Re: Cisco 3002 VPN client to OpenBSD?

2007-10-09 Thread Brian A. Seklecki
On Fri, 2007-10-05 at 18:50 -0400, Rod Dorman wrote:
 On Friday, October 5, 2007, 15:14:41, Jeff Simmons wrote:
  On Friday 05 October 2007 01:17, Claer wrote:
  The Cisco client license forbids explicitly to connect to anything but
  Cisco Hardware.

You could rip the ISA controller out of a Pix 525 and put a CF adapter
in it.  Genuine intel P3 w/ quad fxp(4).  ~BAS




IMPORTANT: This message contains confidential information and is intended only 
for the individual named. If the reader of this message is not an intended 
recipient (or the individual responsible for the delivery of this message to an 
intended recipient), please be advised that any re-use, dissemination, 
distribution or copying of this message is prohibited.  Please notify the 
sender immediately by e-mail if you have received this e-mail by mistake and 
delete this e-mail from your system.



Re: Cisco 3002 VPN client to OpenBSD?

2007-10-05 Thread Claer
On Wed, Oct 03 2007 at 32:20, Jeff Simmons wrote:
 Anyone have any experience with this?
 
 A company a client of mine wishes to work with insists this will work, but I 
 have my doubts. The documentation for the 3002 seems to indicate that it is 
 specifically for connections to a Cisco 3000 series VPN concentrator, and it 
 requires (?) group-password and user-password entries for connections to the 
 3000. Most of the rest of the configuration is pretty standard, if old (3des, 
 sha1).
It's just a no-go.

The Cisco client license forbids explicitly to connect to anything but
Cisco Hardware.

Here is an extract from the Cisco Client license :

--8---8--8-

Grant of License

2. Cisco Systems hereby grants you the right to install and use the
Software on an unlimited number of computers, provided that each of
those computers must use the Software only to connect to Cisco Systems
products, and subject to export restrictions in Paragraph 4 hereof. You
may make one copy of the Software for each such computer for the purpose
of installing the Software on that computer. The Software is licensed
for use only with Cisco Systems products, and for no other use.

--8---8--8-


Claer



Re: Cisco 3002 VPN client to OpenBSD?

2007-10-05 Thread Jeff Simmons
On Friday 05 October 2007 01:17, Claer wrote:
 The Cisco client license forbids explicitly to connect to anything but
 Cisco Hardware.

If that's so, then legal forgot to tell marketing. ;-)

The Cisco VPN 3002 Hardware Client works with all operating systems ... 
http://newsroom.cisco.com/dlls/prod_040401.html

In addition, the VPN 3002 Hardware Client works with any operating system 
including Solaris, Mac and Linux.
http://www.tribecaexpress.com/cisco_VPN_clients.htm

And yes, knowing Cisco, I can come up with a bunch of fudge factors. IF you 
use our proprietary software. We meant any OS can USE one of our 
proprietary tunnels. Etc. 

I know that native OpenBSD tools (ipsecctl, isakmpd) work fine with the Cisco 
3005 concentrator, I'm running several. I've got a 3002 loaner coming, I'll 
post the results.

-- 
Jeff Simmons   [EMAIL PROTECTED]
Simmons Consulting - Network Engineering, Administration, Security
You guys, I don't hear any noise.  Are you sure you're doing it right?
--  My Life With The Thrill Kill Kult



Re: Cisco 3002 VPN client to OpenBSD?

2007-10-05 Thread Brian A. Seklecki
On Fri, 2007-10-05 at 12:14 -0700, Jeff Simmons wrote:
 On Friday 05 October 2007 01:17, Claer wrote:
  The Cisco client license forbids explicitly to connect to anything but
  Cisco Hardware.
 
 If that's so, then legal forgot to tell marketing. ;-)
 
 The Cisco VPN 3002 Hardware Client works with all operating systems ... 
 http://newsroom.cisco.com/dlls/prod_040401.html

The heyday of Cisco making billions on the Cisco PIX 5xx is long
over(*).   The advent of SSL VPNs and other Windoze-specific crap.

Something tells me they're not going to ante up for a fight to make
their products more-interoperable.  ipsec-tools and vpnc as examples.

~BAS

* Back then you could recall the Cisco product line from memory.



Re: Cisco 3002 VPN client to OpenBSD?

2007-10-05 Thread Rod Dorman
On Friday, October 5, 2007, 15:14:41, Jeff Simmons wrote:
 On Friday 05 October 2007 01:17, Claer wrote:
 The Cisco client license forbids explicitly to connect to anything but
 Cisco Hardware.

 If that's so, then legal forgot to tell marketing. ;-)

 The Cisco VPN 3002 Hardware Client works with all operating systems ... 
 http://newsroom.cisco.com/dlls/prod_040401.html

 In addition, the VPN 3002 Hardware Client works with any operating system
 including Solaris, Mac and Linux.
 http://www.tribecaexpress.com/cisco_VPN_clients.htm

Hummm... the way I read that is you can use any 'client' you want to
connect to their 'Hardware', but, their 'client' may only be used to
connect to their 'Hardware'.


-- 
Rod Dorman [EMAIL PROTECTED]
The avalanche has already started, it is too late for the pebbles to vote. - Ambassador Kosh



Re: Cisco 3002 VPN client to OpenBSD?

2007-10-04 Thread Brian A. Seklecki
There is a lot of work in racoon(8) as a server and client on Cisco
proprietary extensions.  I haven't tested it in about 10 weeks, though.
You'll want to run the trunk source code from ipsec-tools if you test
it.  I'm not sure if the ipsec(4) stack in OpenBSD 4.x will work with
racoon, though.

~BAS

On Wed, 2007-10-03 at 20:32 -0700, Jeff Simmons wrote:
 3002
-- 
Brian A. Seklecki [EMAIL PROTECTED]
Collaborative Fusion, Inc.







Re: Cisco 3002 VPN client to OpenBSD?

2007-10-03 Thread Aaron W. Hsu
I highly recommend that you don't go with the routers, and just do your own 
work, mostly because it's a pain. On the other hand, vpnc is ported to OpenBSD 
and it works. You can see some of the issues relating to this when you check 
out the ports@ list where you can find some of the discussions about porting a 
newer version of vpnc to OpenBSD.


-- 
((name Aaron Hsu)
 (email/xmpp [EMAIL PROTECTED])
 (phone 703-597-7656)
 (site http://www.aaronhsu.com))
