ipsec Racoon linux

I need to set up a connection between Linux and a Cisco not on port 500 but on port 3389 (the other side's requirement). So how do I make racoon start the connection from local port 3389 rather than 500? Logs:

2012-12-26 13:31:23: INFO: @(#)ipsec-tools 0.7.1 (http://ipsec-tools.sourceforge.net)
2012-12-26 13:31:23: INFO: @(#)This product linked OpenSSL 0.9.8g 19 Oct 2007 (http://www.openssl.org/)
2012-12-26 13:31:23: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2012-12-26 13:31:24: INFO: Resize address pool from 0 to 255
2012-12-26 13:31:24: INFO: 178.124.154.129[3389] used as isakmp port (fd=5)
2012-12-26 13:31:24: INFO: 178.124.154.129[3389] used for NAT-T
2012-12-26 13:31:42: INFO: IPsec-SA request for 196.47.178.90 queued due to no phase1 found.
2012-12-26 13:31:42: INFO: initiate new phase 1 negotiation: 178.124.154.129[500]<=>196.47.178.90[3389]
2012-12-26 13:31:42: INFO: begin Identity Protection mode.
2012-12-26 13:32:12: INFO: phase2 sa expired 178.124.154.129-196.47.178.90

racoon configuration:

listen {
	isakmp 178.124.154.129 [3389];
}

#IKE phase 1
remote 196.47.178.90 [3389] {
	exchange_mode main;
	proposal_check obey;
	proposal {
		encryption_algorithm 3des;
		hash_algorithm md5;
		authentication_method pre_shared_key;
		dh_group 2;
	}
	lifetime time 24 hour;
	generate_policy on;
	verify_identifier off;
}
#IKE phase 2
sainfo address 178.124.154.129/32 any address 192.168.210.0/28 any {
	encryption_algorithm 3des;
	authentication_algorithm hmac_md5;
	lifetime time 1 hour;
	compression_algorithm deflate;
}
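The log above already contains the evidence of the problem: racoon reports binding 178.124.154.129[3389] as its ISAKMP port, yet the phase 1 it initiates goes out as 178.124.154.129[500]<=>196.47.178.90[3389]. Below is an added example (my own code, not from the poster or the ipsec-tools project) of a small checker that parses racoon log lines of this shape and flags phase-1 initiations whose local source port differs from the port the peer requires, or from any port the daemon reported binding. The sample log is copied from the post; the expected port of 3389 is taken from the question; the regular expressions are written against the two message formats visible above and are an assumption for other racoon versions.

```python
import re
from typing import Dict, List, Set, Tuple

# Log lines copied from the post above (the only sample input used here).
SAMPLE_LOG = """\
2012-12-26 13:31:24: INFO: 178.124.154.129[3389] used as isakmp port (fd=5)
2012-12-26 13:31:24: INFO: 178.124.154.129[3389] used for NAT-T
2012-12-26 13:31:42: INFO: IPsec-SA request for 196.47.178.90 queued due to no phase1 found.
2012-12-26 13:31:42: INFO: initiate new phase 1 negotiation: 178.124.154.129[500]<=>196.47.178.90[3389]
2012-12-26 13:31:42: INFO: begin Identity Protection mode.
"""

# "<addr>[<port>] used as isakmp port": one line per UDP socket racoon bound.
# Pattern assumed from the message format in the post.
LISTEN_RE = re.compile(
    r"INFO: (?P<addr>[0-9.]+)\[(?P<port>\d+)\] used as isakmp port"
)
# "initiate new phase 1 negotiation: <local>[<port>]<=><remote>[<port>]"
PHASE1_RE = re.compile(
    r"initiate new phase 1 negotiation: "
    r"(?P<laddr>[0-9.]+)\[(?P<lport>\d+)\]<=>(?P<raddr>[0-9.]+)\[(?P<rport>\d+)\]"
)


def listen_ports(log: str) -> Dict[str, Set[int]]:
    """Map each local address to the ISAKMP ports racoon reported binding on it."""
    bound: Dict[str, Set[int]] = {}
    for line in log.splitlines():
        m = LISTEN_RE.search(line)
        if m:
            bound.setdefault(m.group("addr"), set()).add(int(m.group("port")))
    return bound


def phase1_initiations(log: str) -> List[Tuple[str, int, str, int]]:
    """Return (local_addr, local_port, remote_addr, remote_port) per initiated phase 1."""
    out: List[Tuple[str, int, str, int]] = []
    for line in log.splitlines():
        m = PHASE1_RE.search(line)
        if m:
            out.append((m.group("laddr"), int(m.group("lport")),
                        m.group("raddr"), int(m.group("rport"))))
    return out


def find_port_mismatches(log: str, expected_port: int) -> List[dict]:
    """Flag phase-1 initiations that do not use expected_port on both sides.

    expected_port is the port the peer insists on (3389 in the post). A local
    port that racoon never reported binding is flagged as well, because that is
    the source port the peer will see the exchange arrive from.
    """
    bound = listen_ports(log)
    findings: List[dict] = []
    for laddr, lport, raddr, rport in phase1_initiations(log):
        problems: List[str] = []
        if lport != expected_port:
            problems.append(f"local port {lport} != expected {expected_port}")
        bound_here = bound.get(laddr, set())
        if lport not in bound_here:
            problems.append(
                f"local port {lport} not among bound ports {sorted(bound_here)}"
            )
        if rport != expected_port:
            problems.append(f"remote port {rport} != expected {expected_port}")
        if problems:
            findings.append({
                "local": f"{laddr}[{lport}]",
                "remote": f"{raddr}[{rport}]",
                "problems": problems,
            })
    return findings


if __name__ == "__main__":
    # Run against the sample; point it at your own racoon log to check a live box.
    for finding in find_port_mismatches(SAMPLE_LOG, 3389):
        print(finding["local"], "->", finding["remote"])
        for problem in finding["problems"]:
            print("   ", problem)
```

On the sample it reports one finding for 178.124.154.129[500] -> 196.47.178.90[3389]: the local port is not 3389 and is not a port the daemon bound. Feeding it the actual racoon log (wherever syslog writes it on the box) after a configuration change is a quick way to confirm whether the initiator side really moved off port 500, independent of what the config file says.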

