[nycbug-talk] ipsec-tools racoon with Cisco VPN client...
attroppa at yahoo.com
Thu Feb 1 19:37:42 EST 2007
--- Dru <dlavigne6 at sympatico.ca> wrote:
> On Thu, 1 Feb 2007, Brian A. Seklecki wrote:
> > On Thu, 1 Feb 2007, Dru wrote:
> >> Sounds like they aren't agreeing on policy. What's the config at the
> >> Cisco end?
> > In my experience, the Cisco VPN Client is a highly simplified IPSEC engine
> > that relies heavily on extra proprietary in-bound/in-line data to help it
> > negotiate.
> > This is how Cisco accomplishes all kinds of out-of-RFC-spec features like
> > DNS-interception, two-phase
> > Getting it to talk to Racoon might be a lot of shots-in-the-dark kind of
> > work. Unless there's an advanced mode / registry hacks that I don't know
> > about.
> A tcpdump on the racoon end should show which parts of the policy aren't
> matching up as Phase 1 is in clear text. You could then try modifying the
> racoon end accordingly. The proprietary bits probably will take a registry
> hack (the proprietary stuff is much easier to override on a pix, at least
> you have a command line interface instead of some GUI hiding everything).
I posted this question because there was something somewhere I read...
Obviously someone had done it. I wanted to avoid this pain, but I guess
I will have to tweak the code. It is all bits and pieces when facing a GUI
on the other end, as Brian already said. :)
I'll let you know how it goes.
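
Added example, not part of the original thread: a small decoder for the cleartext Phase 1 SA payload that the tcpdump suggestion relies on. It lists the transforms a peer offers so they can be compared with the local proposal. The sample packet and the value labels are constructed for illustration, and only the first proposal in the SA payload is read.

```python
import struct

# IKE Phase 1 attribute classes and values from RFC 2409 Appendix A (subset).
ATTRS = {1: "encryption", 2: "hash", 3: "auth", 4: "dh_group", 14: "key_length"}
VALUES = {"encryption": {1: "des", 5: "3des", 7: "aes"},
          "hash": {1: "md5", 2: "sha1"},
          "auth": {1: "pre_shared_key", 3: "rsasig"},
          "dh_group": {1: "modp768", 2: "modp1024", 5: "modp1536"}}

# Constructed sample: one main-mode message offering two transforms.
SAMPLE = bytes.fromhex(
    "1122334455667788" "0000000000000000" "01100200" "00000000" "00000064"
    "00000048" "00000001" "00000001"          # SA payload: DOI, situation
    "0000003c" "01010002"                     # proposal 1, ISAKMP, 2 transforms
    "03000018" "01010000" "80010005" "80020001" "80030001" "80040002"
    "0000001c" "02010000" "80010007" "800e0080" "80020002" "80030001" "80040002")

def parse_attrs(data):
    """Decode data attributes: TV form if the high bit is set, else TLV."""
    out, i = {}, 0
    while i + 4 <= len(data):
        atype, field = struct.unpack_from("!HH", data, i)
        i += 4
        if atype & 0x8000:
            value = field
        else:                                  # field is a length
            value = int.from_bytes(data[i:i + field], "big")
            i += field
        name = ATTRS.get(atype & 0x7FFF, "attr_%d" % (atype & 0x7FFF))
        out[name] = VALUES.get(name, {}).get(value, value)
    return out

def phase1_transforms(msg):
    """Transforms of the first proposal in the SA payload of an ISAKMP message."""
    if len(msg) < 48 or msg[16] != 1:          # header next-payload must be SA
        raise ValueError("message does not start with an SA payload")
    sa = msg[28:28 + struct.unpack_from("!H", msg, 30)[0]]
    pos, found = 20 + sa[18], []               # skip proposal header and SPI
    while pos + 8 <= len(sa):
        nxt, _, tlen, number = struct.unpack_from("!BBHB", sa, pos)
        found.append((number, parse_attrs(sa[pos + 8:pos + tlen])))
        if nxt != 3 or tlen < 8:               # 3 = another transform follows
            break
        pos += tlen
    return found

def mismatches(offer, local):
    """Map each differing attribute to (offered value, local value)."""
    return {k: (offer.get(k), v) for k, v in local.items() if offer.get(k) != v}
```

Pass `phase1_transforms()` the UDP payload of a port 500 packet from the capture, then give each returned attribute dict to `mismatches()` along with your own proposal settings to see which attributes differ.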