> On Oct 20, 2006, at 10:42 AM, Tuc at T-B-O-H.NET wrote:
> >     Is anyone aware of a tunnel between FreeBSD and Cisco that
> > can go through a NAT on the Cisco side?
> If you update the Cisco firmware with the latest IOS+VPN version, you  
> ought to gain proper NAT-T support which will work with most IPSEC/ 
> VPN implementations.  Otherwise, if you only need to implement a  
> single VPN tunnel, you can use something like OpenVPN, which only  
> needs you to forward a single UDP port (1194)...
        Ok, I've :

        1) Updated the IOS to c2500-ik8os-l.122-32
        2) I've installed ipsec-tools on FreeBSD after applying
                the NAT-T patch (freebsd6-natt.diff) to
                5.5-RELEASE-p8 and recompiling.
        3) Set up on FreeBSD :

ifconfig gre0 unplumb
ifconfig gre0 create
ifconfig gre0 netmask 0xffffffff link1 up
ifconfig gre0 tunnel

        4) Set up on Cisco :

interface Tunnel0
 ip address
 tunnel source Ethernet0
 tunnel destination
interface Ethernet0
 ip address


        So now I can ping across the GRE, which is really nice.

        So now the next part is getting IPSEC over it.... And
I'm again stuck. I'm trying to use :


        as a reference, but there seems to be a lot more going
on that really confuses me. Has anyone gone this route?

                Thanks, Tuc
freebsd-questions@freebsd.org mailing list