While making an IPSec connection from a Debian Etch machine to a Cisco PIX, I had a lot of help from these pages:
PIX IPSec VPN to FreeBSD (yes, it's the same racoon as Debian uses, so it works the same)
Important parts to know:
- Racoon really doesn't want to recieve a FQDN when it's trying to create a connection with a shared key. Make sure the Cisco has the line
isakmp identity addressin it's config.
- Don't forget to set your DH and PFS number at the same number as the Cisco.
- It's probably somewhere in the man-page, but I couldn't find it right away: If you want to use AES-256, you can simply set this with
encryption aes 256;in the Racoon config. Default is AES-128.
I'm glad I got this working correctly :)