[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: OFF Topic Might not belong on the list "PF anf VPN to Cisco"

Thank you for the reply I will take your advise and head down the
OpenBSD road because you seem to like your setup and seems to be stable
which was more important. A cisco 3000 is actually a Cisco Concentrator
it is not a router or a pix but the vpn functionality between the
devices are the same. Once again your reply is greatly appreciated. 
-----Original Message-----
From: Dave Mangot [mailto:[email protected]] 
Sent: Thursday, December 30, 2004 4:48 PM
To: Elijah Savage
Cc: PF Mailing List List
Subject: Re: OFF Topic Might not belong on the list "PF anf VPN to
Elijah Savage wrote:
> between a Cisco IOS device which are cisco routers no pix's involved 
> and a OpenBSD firewall.
I have a VPN tunnel setup between and Cisco device and an OpenBSD
> As I said in my other emails I have seen some that say FreeSwan is the
> way to go others say OpenVPN is the way to go but none of these 
> actually saying they have set them up in a production environment and 
> have it working.
I think OpenBSD is the way to go.  I have it setup and working in a
production environment.  If you are much more comfortable working with
FreeSwan than you are with OpenBSD, then FreeSwan is probably the way to
> So I was just curious if someone has
> actually accomplished this before and what they were using and why 
> they chose it. I said this in a previous email but I have not seen it 
> posted
I have accomplished it.  I am using a PC running OpenBSD post-3.5, and
the remote side is a Cisco that is probably not a PIX.  Probably a 3020 
or 3005 or something like that.   It really doesn't matter.  We chose it
because we have setup OpenBSD VPNs to other devices like Checkpoint
firewalls and Sonicwalls and it works and is stable.
Is that answer vague enough?  I don't know that anyone here can help you
with much more unless you actually have some kind of specific question.
If you are asking if anyone on the planet has setup an IPSEC VPN to a
Cisco device from OpenBSD then I can confidently say, the answer is yes.
Dave Mangot		[email protected]
DHAP Digital, Inc.	http://www.dhapdigital.com/
San Francisco, CA	+1.415.962.4891