[nycbug-talk] ipsec-tools racoon with Cisco VPN client...
Evgueni Tzvetanov
attroppa at yahoo.com
Thu Feb 1 19:37:42 EST 2007
--- Dru <dlavigne6 at sympatico.ca> wrote:
>
> On Thu, 1 Feb 2007, Brian A. Seklecki wrote:
>
> > On Thu, 1 Feb 2007, Dru wrote:
> >
> >> Sounds like they aren't agreeing on policy. What's the config at the
> >> Cisco end?
> >
> > In my experience, the Cisco VPN Client is a highly simplified IPSEC
> > engine that relies heavily on extra proprietary in-bound/in-line data
> > to help it negotiate.
> >
> > This is how Cisco accomplishes all kinds of out-of-RFC-spec features
> > like DNS-interception, two-phase challenge-authentication.
> >
> > Getting it to talk to Racoon might be a lot of shots-in-the-dark kind
> > of work. Unless there's an advanced mode / registry hacks that I don't
> > know about.
>
> A tcpdump on the racoon end should show which parts of the policy aren't
> matching up as Phase 1 is in clear text. You could then try modifying the
> racoon end accordingly. The proprietary bits probably will take a registry
> hack (the proprietary stuff is much easier to override on a pix, at least
> you have a command line interface instead of some GUI hiding everything).
>
> Dru
>
Thanks Dru,
I posted this question because there was something
somewhere I read... Obviously someone had done it.
I wanted to avoid this pain, but I guess I will have to
tweak the code. It is all bits and pieces when facing
a GUI on the other end, as Brian already said. :)
I'll let you know how it goes.
Best!
ET
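
Added example, not part of the original thread and not code from ipsec-tools: a Python sketch of the check Dru describes, reading the cleartext Phase 1 SA payload (the UDP payload of the first ISAKMP packet, as tcpdump would capture it) and listing which attributes differ from the local proposal. The packet from build_sample() is constructed, LOCAL is an assumed racoon proposal, and 65001 is a value from the private-use range RFC 2409 reserves for authentication methods.

```python
import struct

# Phase 1 attribute classes and a few values from RFC 2409, Appendix A.
ATTR = {1: "encryption", 2: "hash", 3: "auth", 4: "dh_group"}
VALUE = {"encryption": {1: "des", 5: "3des", 7: "aes"},
         "hash": {1: "md5", 2: "sha1"},
         "auth": {1: "pre_shared_key", 3: "rsasig"}}

def parse_transforms(pkt):
    """Return the transforms in the first proposal of a leading SA payload."""
    if len(pkt) < 48 or pkt[16] != 1:        # header next-payload 1 = SA
        raise ValueError("no SA payload directly after the ISAKMP header")
    limit = min(len(pkt), 28 + struct.unpack_from("!H", pkt, 30)[0])
    off = 48 + pkt[46]                       # skip SA + proposal headers and SPI
    offers = []
    while off + 8 <= limit:
        nxt, _, tlen = struct.unpack_from("!BBH", pkt, off)
        if tlen < 8:
            break                            # malformed length, stop
        attrs, a, end = {}, off + 8, min(off + tlen, limit)
        while a + 4 <= end:
            atype, aval = struct.unpack_from("!HH", pkt, a)
            if atype & 0x8000:               # TV form: value is inline
                name = ATTR.get(atype & 0x7FFF)
                if name:
                    attrs[name] = VALUE.get(name, {}).get(aval, aval)
                a += 4
            else:                            # TLV form: aval is the length
                a += 4 + aval
        offers.append(attrs)
        if nxt != 3:                         # 3 = another transform follows
            break
        off += tlen
    return offers

def mismatches(offer, local):
    """Map each differing attribute to (peer offers, local expects)."""
    return {k: (offer.get(k), v) for k, v in local.items() if offer.get(k) != v}

def build_sample():
    """Constructed first message: two transforms, private-use auth method 65001."""
    def transform(num, last, enc, hsh, auth, grp):
        body = b"".join(struct.pack("!HH", 0x8000 | t, v)
                        for t, v in ((1, enc), (2, hsh), (3, auth), (4, grp)))
        return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(body), num, 1, 0) + body
    ts = transform(1, False, 7, 2, 65001, 2) + transform(2, True, 5, 1, 65001, 2)
    prop = struct.pack("!BBHBBBB", 0, 0, 8 + len(ts), 1, 1, 0, 2) + ts
    sa = struct.pack("!BBHII", 0, 0, 12 + len(prop), 1, 1) + prop
    return b"\x11" * 8 + bytes(8) + struct.pack("!BBBBII", 1, 0x10, 2, 0, 0, 28 + len(sa)) + sa

LOCAL = {"encryption": "3des", "hash": "sha1", "auth": "pre_shared_key", "dh_group": 2}  # assumed racoon proposal
if __name__ == "__main__":
    for n, offer in enumerate(parse_transforms(build_sample()), 1):
        print(n, offer, "mismatch:", mismatches(offer, LOCAL))
```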