(racoon 613) Re: cisco IOS and racoon
On Tue, 27 Jul 2004 23:18:29 +1000
"Peter Sandilands" <peter@sandilands.vu> wrote:
> I just got FreeBSD, Racoon going to a VPN 3000.....
Yes, another implementation from somewhere else, now by Cisco :-)
> my_identifier and peers_identifier both had to be IP addresses (the
> end points obviously)
IDs cannot be used as a policy selector in identity protection mode,
as IDs are exchanged in the 3rd sequence. It may be useful if peer
verification can be done by non-IP-address IDs. IMHO, it's up to
the implementation to decide whether to make this configurable or not.
> Also needed to be main mode rather than aggressive
There are quite a few VPN concentrators that cannot initiate an
aggressive mode, and this is one of them, I suppose.
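
The following is an added example, not part of the original message and not racoon code. It models the point made above about when the ID payload arrives: in main (identity protection) mode the responder has only the source address when it picks a policy, and can check a non-address ID only once the third initiator message is in. The policy table, its field names and all addresses are constructed for illustration; the message layouts are the simplified RFC 2409 phase 1 layouts.

```python
from ipaddress import ip_address

# Payloads the initiator sends in each of its messages (simplified).
LAYOUT = {
    "main":       [["SA"], ["KE", "NONCE"], ["ID", "AUTH"]],
    "aggressive": [["SA", "KE", "NONCE", "ID"], ["AUTH"]],
}

# Constructed responder policy table; "selector" is a hypothetical field name.
POLICIES = [
    {"name": "site-a", "selector": ("address", "192.0.2.10"),
     "peers_identifier": ("fqdn", "gw-a.example.net")},
    {"name": "roadwarrior", "selector": ("fqdn", "laptop.example.net"),
     "peers_identifier": ("fqdn", "laptop.example.net")},
]

def id_round(mode):
    """1-based number of the initiator message that carries the ID payload."""
    return next(i for i, p in enumerate(LAYOUT[mode], 1) if "ID" in p)

def select_policy(mode, src_ip, peer_id, policies=POLICIES):
    """Pick a policy when the SA payload arrives, which is always message 1."""
    known = {("address", str(ip_address(src_ip)))}
    if id_round(mode) == 1:      # aggressive mode: ID is already available
        known.add(peer_id)
    for pol in policies:
        if pol["selector"] in known:
            return pol
    return None

def phase1(mode, src_ip, peer_id, policies=POLICIES):
    """Return (policy name, message number carrying the ID, peer verified?)."""
    pol = select_policy(mode, src_ip, peer_id, policies)
    if pol is None:
        return (None, id_round(mode), False)
    # Peer verification can only run after the ID payload has been received.
    return (pol["name"], id_round(mode), pol["peers_identifier"] == peer_id)

if __name__ == "__main__":
    for mode in ("main", "aggressive"):
        print(mode, phase1(mode, "203.0.113.7", ("fqdn", "laptop.example.net")))
```

A policy keyed on an FQDN is unreachable in main mode, while an address-keyed policy can still carry an FQDN for later peer verification.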