IPSec, racoon and Cisco PIX

While making an IPSec connection from a Debian Etch machine to a Cisco PIX, I had a lot of help from these pages:

In memoriam ericius

PIX IPSec VPN to FreeBSD (yes, it's the same racoon as Debian uses, so it works the same)

Important parts to know:

  • Racoon really doesn't want to recieve a FQDN when it's trying to create a connection with a shared key. Make sure the Cisco has the line isakmp identity address in it's config.
  • Don't forget to set your DH and PFS number at the same number as the Cisco.
  • It's probably somewhere in the man-page, but I couldn't find it right away: If you want to use AES-256, you can simply set this with encryption aes 256; in the Racoon config. Default is AES-128.

I'm glad I got this working correctly :)


Comments powered by Disqus