> > On Oct 20, 2006, at 10:42 AM, Tuc at T-B-O-H.NET wrote: > > Is anyone aware of a tunnel between FreeBSD and Cisco that > > can go through a NAT on the Cisco side? > > If you update the Cisco firmware with the latest IOS+VPN version, you > ought to gain proper NAT-T support which will work with most IPSEC/ > VPN implementations. Otherwise, if you only need to implement a > single VPN tunnel, you can use something like OpenVPN, which only > needs you to forward a single UDP port (1194)... > Ok, I've :
1) Updated the IOS to c2500-ik8os-l.122-32 2) I've installed ipsec-tools on FreeBSD after applying the NAT-T patch (freebsd6-natt.diff) to 5.5-RELEASE-p8 and recompiling. 3) Set up on FreeBSD : ifconfig gre0 unplumb ifconfig gre0 create ifconfig gre0 192.168.4.1 192.168.4.2 netmask 0xffffffff link1 up ifconfig gre0 tunnel 184.108.40.206 220.127.116.11 4) Set up on Cisco : interface Tunnel0 ip address 192.168.4.2 255.255.255.0 tunnel source Ethernet0 tunnel destination 18.104.22.168 ! interface Ethernet0 ip address 22.214.171.124 255.255.255.240 So now I can ping across the GRE, which is really nice. So now the next part is getting IPSEC over it.... And I'm again stuck. I'm trying to use : http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml as a reference, but there seems to be alot more going on that really confuses me. Has anyone gone this route? Thanks, Tuc _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"