[nycbug-talk] ipsec-tools racoon with Cisco VPN client...

Evgueni Tzvetanov attroppa at yahoo.com
Thu Feb 1 19:37:42 EST 2007


--- Dru <dlavigne6 at sympatico.ca> wrote:

> On Thu, 1 Feb 2007, Brian A. Seklecki wrote:
>
> > On Thu, 1 Feb 2007, Dru wrote:
> >
> >> Sounds like they aren't agreeing on policy. What's the config at the
> >> Cisco end?
> >
> > In my experience, the Cisco VPN Client is a highly simplified IPSEC
> > engine that relies heavily on extra proprietary in-bound/in-line data
> > to help it negotiate.
> >
> > This is how Cisco accomplishes all kinds of out-of-RFC-spec features
> > like DNS-interception, two-phase challenge-authentication.
> >
> > Getting it to talk to Racoon might be a lot of shots-in-the-dark kind
> > of work.  Unless there's an advanced mode / registry hacks that I
> > don't know about.
>
> A tcpdump on the racoon end should show which parts of the policy aren't
> matching up as Phase 1 is in clear text. You could then try modifying the
> racoon end accordingly. The proprietary bits probably will take a registry
> hack (the proprietary stuff is much easier to override on a pix, at least
> you have a command line interface instead of some GUI hiding everything).
>
> Dru

Thanks Dru,

I posted this question, because there was something
somewhere I read... Obviously someone had done it.

I wanted to avoid this pain, but I guess I will have to
tweak the code. It is all bits and pieces when facing
a GUI on the other end, as Brian already said. :)

I'll let you know how it goes.

Best!
ET
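
Added example, not part of the original thread: a sketch of the check Dru describes, decoding the cleartext Phase 1 SA proposal from the UDP/500 payload of a capture and listing which attributes differ from the local racoon proposal. The function names, the `LOCAL` values and the sample packet are constructed for illustration; it assumes the IPsec DOI and a message whose first payload is the SA with a single proposal.

```python
import struct

# RFC 2409 Appendix A attribute classes and values; names follow racoon.conf.
ATTR = {1: "encryption", 2: "hash", 3: "auth", 4: "dh_group"}
VALS = {"encryption": {1: "des", 5: "3des", 7: "aes"},
        "hash": {1: "md5", 2: "sha1"},
        "auth": {1: "pre_shared_key", 3: "rsasig"},
        "dh_group": {1: "modp768", 2: "modp1024", 5: "modp1536"}}

def parse_transforms(pkt):
    """Return one dict per transform in the first proposal of the SA payload."""
    if len(pkt) < 48 or pkt[16] != 1:     # next-payload 1 = Security Association
        raise ValueError("message does not start with an SA payload")
    off = 28 + 4 + 8      # ISAKMP header, generic header, DOI + IPsec situation
    spi_size, count = pkt[off + 6], pkt[off + 7]
    off += 8 + spi_size   # skip proposal header and SPI
    offers = []
    for _ in range(count):
        t_len = struct.unpack(">H", pkt[off + 2:off + 4])[0]
        pos, end, offer = off + 8, off + t_len, {}
        while pos + 4 <= end:
            a_type, a_val = struct.unpack(">HH", pkt[pos:pos + 4])
            pos += 4
            if not a_type & 0x8000:       # variable-length form: a_val is a length
                pos += a_val
                continue
            name = ATTR.get(a_type & 0x7FFF)
            if name:
                offer[name] = VALS[name].get(a_val, "unknown(%d)" % a_val)
        offers.append(offer)
        off = end
    return offers

def mismatches(local, offers):
    """Per offered transform, the attribute names that differ from `local`."""
    return [sorted(k for k in local if o.get(k) != local[k]) for o in offers]

def sample_packet():
    """Constructed Main Mode first message: one proposal, two transforms."""
    def transform(num, nxt, *vals):       # nxt: 3 = another transform, 0 = last
        attrs = b"".join(struct.pack(">HH", 0x8000 | t, v)
                         for t, v in enumerate(vals, 1))
        return struct.pack(">BBHBBH", nxt, 0, 8 + len(attrs), num, 1, 0) + attrs
    # 65001 is in RFC 2409's private-use range for the authentication method.
    ts = transform(1, 3, 5, 1, 65001, 2) + transform(2, 0, 5, 2, 1, 2)
    prop = struct.pack(">BBHBBBB", 0, 0, 8 + len(ts), 1, 1, 0, 2) + ts
    sa = struct.pack(">BBHII", 0, 0, 12 + len(prop), 1, 1) + prop
    return struct.pack(">8s8sBBBBII", b"\x11" * 8, b"", 1, 0x10, 2, 0, 0, 28 + len(sa)) + sa

LOCAL = {"encryption": "3des", "hash": "sha1", "auth": "pre_shared_key", "dh_group": "modp1536"}
```

`mismatches(LOCAL, parse_transforms(sample_packet()))` returns one list per offered transform; an empty list would mean that transform is acceptable to the local proposal as written.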



 


