# Connecting to Cisco VPN device



## rihad (Jan 8, 2013)

Hi, folks. I'll probably need to connect our FreeBSD (not a router) to a Cisco device to form a VPN connection between them. Please point me in the right direction as this is a completely new topic for me (simplest software to use, what configuration FreeBSD base/kernel needs, etc):



> VPN device Cisco ASA 5510 - 8.2(1)
> 
> Peer IP-address their.external.ip.address
> 
> ...



What is subnet IP address in this case?


----------



## SirDice (Jan 8, 2013)

The handbook: 15.9 VPN over IPsec


----------



## rihad (Jan 8, 2013)

SirDice said:

> The handbook: 15.9 VPN over IPsec



Thanks a lot. A more involved solution than I had hoped for; I was hoping a simple 100% software solution exists. Well, thanks!


----------



## gkontos (Jan 8, 2013)

rihad said:

> What is subnet IP address in this case?



It is their internal IP address that they are exposing over the VPN. Sometimes called the encryption domain. There is a nice guide that you can use as a reference.


----------



## HenkeZan (Jan 8, 2013)

I use VPNC to connect to our Cisco based IPSec solution.

/Henrik


----------



## gkontos (Jan 8, 2013)

HenkeZan said:

> I use VPNC to connect to our Cisco based IPSec solution.
> 
> /Henrik



The requirements are for a site-to-site connection. Cisco clients do not work that way.


----------



## rihad (Jan 8, 2013)

gkontos said:

> It is their internal IP address that they are exposing over the VPN. Sometimes called the encryption domain. There is a nice guide that you can use as a reference.


Thanks. Does it cover the same info as The Handbook? Which should I choose to cover my needs? (point-to-point encryption). I'd like to keep changes & downtime to a minimum, as the box is in production.


----------



## gkontos (Jan 8, 2013)

rihad said:

> Thanks. Does it cover the same info as The Handbook? Which should I choose to cover my needs? (point-to-point encryption). I'd like to keep changes & downtime to a minimum, as the box is in production.



Basically you compile your KERNEL, install security/ipsec-tools, configure racoon, adjust your firewall and test the tunnel.

You need to understand a bit about VPN technology, that's where the handbook comes in and you can use the guide as a reference. Think of endpoint 2 as their ASA.

Regarding downtime, you will need 1 reboot for your new KERNEL.


----------

