7: Networking
EMG™ Edge Management Gateway User Guide 127
To see the X.509 Certificates for the local peer and the remote peer, select the View X.509
Certificates link.
Sample ipsec.conf Files
Sample ipsec.conf files are provided for a variety of tunnel setups and peers. In all examples, any
left options are for the console manager/local side of the tunnel, and any right options are for the
remote side of the tunnel.
Cisco Pre-Shared Key / XAUTH / MODECFG / IKEv1
Cisco ASA5525x Pre-Shared Key / IKEv1
Cisco ASA5525x Pre-Shared Key / IKEv2
Cisco ISR 2921 Pre-Shared Key / XAUTH / IKEv2
Cisco Pre-Shared Key / XAUTH / MODECFG / IKEv1
This configuration is an example of a remote access connection to a Cisco VPN server / responder
that uses XAUTH and MODECFG to authenticate and push dynamic IP addresses and DNS servers to a
VPN client. The use of aggressive mode requires that ike and esp algorithms be specified and
exactly match what the Cisco server is expecting.
Console manager configuration
The pre-shared key and the XAUTH password need to be configured via the console manager UI.
conn Cisco
    keyexchange=ikev1
    ike=3des-md5-modp1024!
    esp=3des-md5-modp1024!
    aggressive=yes
    lifetime=28800s
    forceencaps=no
    authby=xauthpsk
    left=10.0.1.55
    leftsourceip=%config4
    leftid=@vpnid
    xauth=client
    xauth_identity=username
    modeconfig=pull
    right=220.41.123.45
    rightsubnet=0.0.0.0/0
    dpddelay=30
    dpdtimeout=120
    dpdaction=hold
    auto=start
    type=tunnel
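The sample above has to match what the Cisco peer expects, so it uses 3DES, MD5 and modp1024 together with IKEv1 aggressive mode and a pre-shared key, a combination in which a hash derived from the key is sent unencrypted and can be guessed at offline. The following Python check is an added example, not part of this user guide or the product: it parses conn sections and reports those settings so that such a tunnel is a known exception rather than an unnoticed default. The weak-token list, the function names and the second conn ("Strong") are assumptions of the example.

```python
import re

# Tokens this example treats as weak; the list is the example's own choice.
WEAK_TOKENS = {"des", "3des", "md5", "modp768", "modp1024"}

# Constructed input: "Cisco" reuses option values from the sample above,
# "Strong" is a hypothetical conn added for contrast.
SAMPLE = """\
conn Cisco
    keyexchange=ikev1
    ike=3des-md5-modp1024!
    esp=3des-md5-modp1024!
    aggressive=yes
    authby=xauthpsk
conn Strong
    keyexchange=ikev2
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256-modp2048!
    authby=psk
"""

def parse_conns(text):
    """Return {conn_name: {option: value}}; indentation is not required."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.match(r"(conn|ca|config)\s+(\S+)", line)
        if header:  # only conn sections are collected
            is_conn = header.group(1) == "conn"
            current = conns.setdefault(header.group(2), {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit_conn(opts):
    """Return sorted findings for one conn's options."""
    findings = set()
    for key in ("ike", "esp"):
        for proposal in opts.get(key, "").split(","):
            for token in proposal.strip().rstrip("!").split("-"):
                if token in WEAK_TOKENS:
                    findings.add(f"{key}: weak algorithm {token}")
    if (opts.get("keyexchange") == "ikev1" and opts.get("aggressive") == "yes"
            and "psk" in opts.get("authby", "")):
        findings.add("ikev1 aggressive mode with PSK")
    return sorted(findings)

if __name__ == "__main__":
    for name, opts in parse_conns(SAMPLE).items():
        print(name, audit_conn(opts) or "no findings")
```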