Re: Tunnels to Cisco through NAT?

2006-10-27 Thread Tuc at T-B-O-H.NET
 
> On Oct 20, 2006, at 10:42 AM, Tuc at T-B-O-H.NET wrote:
> > Is anyone aware of a tunnel between FreeBSD and Cisco that
> > can go through a NAT on the Cisco side?
>
> If you update the Cisco firmware with the latest IOS+VPN version, you
> ought to gain proper NAT-T support which will work with most IPSEC/VPN
> implementations.  Otherwise, if you only need to implement a
> single VPN tunnel, you can use something like OpenVPN, which only
> needs you to forward a single UDP port (1194)...
 
Ok, I've:

1) Updated the IOS to c2500-ik8os-l.122-32
2) I've installed ipsec-tools on FreeBSD after applying
the NAT-T patch (freebsd6-natt.diff) to
5.5-RELEASE-p8 and recompiling.
3) Set up on FreeBSD:

ifconfig gre0 unplumb
ifconfig gre0 create
ifconfig gre0 192.168.4.1 192.168.4.2 netmask 0x link1 up
ifconfig gre0 tunnel 192.136.64.116 69.28.185.2

4) Set up on Cisco:

interface Tunnel0
 ip address 192.168.4.2 255.255.255.0
 tunnel source Ethernet0
 tunnel destination 192.136.64.116
! 
interface Ethernet0
 ip address 69.28.185.2 255.255.255.240



So now I can ping across the GRE, which is really nice.

So now the next part is getting IPSEC over it. And
I'm again stuck. I'm trying to use:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml

as a reference, but there seems to be a lot more going
on that really confuses me. Has anyone gone this route?

Thanks, Tuc
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Tunnels to Cisco through NAT?

2006-10-20 Thread Tuc at T-B-O-H.NET
Hi,

Is anyone aware of a tunnel between FreeBSD and Cisco that
can go through a NAT on the Cisco side?

Thanks, Tuc


Re: Tunnels to Cisco through NAT?

2006-10-20 Thread Chuck Swiger

On Oct 20, 2006, at 10:42 AM, Tuc at T-B-O-H.NET wrote:

> Is anyone aware of a tunnel between FreeBSD and Cisco that
> can go through a NAT on the Cisco side?

If you update the Cisco firmware with the latest IOS+VPN version, you
ought to gain proper NAT-T support which will work with most IPSEC/VPN
implementations.  Otherwise, if you only need to implement a
single VPN tunnel, you can use something like OpenVPN, which only
needs you to forward a single UDP port (1194)...


--
-Chuck



Re: Tunnels to Cisco through NAT?

2006-10-20 Thread Tuc at T-B-O-H.NET
 
> On Oct 20, 2006, at 10:42 AM, Tuc at T-B-O-H.NET wrote:
> > Is anyone aware of a tunnel between FreeBSD and Cisco that
> > can go through a NAT on the Cisco side?
>
> If you update the Cisco firmware with the latest IOS+VPN version, you
> ought to gain proper NAT-T support which will work with most IPSEC/VPN
> implementations.  Otherwise, if you only need to implement a
> single VPN tunnel, you can use something like OpenVPN, which only
> needs you to forward a single UDP port (1194)...
 
Hi,

Thanks for the reply. I guess my question wasn't phrased
exactly enough...

The long of it is that I have a low end Cisco router
sitting at a location behind a consumer grade broadband router,
connected to a satellite connection. The satellite does not
allow direct TCP inbound connections, so anything I use has
to be OpenVPN. I have a Soekris box with FreeBSD 5.5 running
OpenVPN via UDP to a server in the datacenter, and it works
fine and good. The issue is I want to set up another tunnel
(The Cisco is actually a 2509, 8 port serial. This new tunnel
is for when the Soekris is down to be able to administer
it via the serial port).

So I'm looking for an application where if you
want to think in reverse... The FreeBSD box needs to be able
to get to the Cisco through a NAT (And only via UDP).

Thanks, Tuc