..ok, none of this is hard, but I get stuck in the odd place, mainly the Cisco router throwing this:

ISAKMP (0:1): Checking IPSec proposal 1
ISAKMP: transform 1, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 28800
ISAKMP: encaps is 1
ISAKMP: authenticator is HMAC-SHA
ISAKMP: group is 2
validate proposal 0
IPSEC(validate_proposal): transform proposal (prot 3, trans 3, hmac_alg 2) not supported
ISAKMP (0:1): atts not acceptable. Next payload is 0
ISAKMP (0:1): phase 2 SA not acceptable!

This is a Cisco 3640 running IOS:

IOS ™ 3600 Software (C3640-IK9S-M), Version 12.2(23a)

I added the following to our existing IOS config:

crypto isakmp key somerandomtext address remote-host-ip no-xauth
crypto ipsec transform-set vault esp-3des esp-sha-hmac

crypto map to-vault 10 ipsec-isakmp
set peer remote-host-ip
set transform-set vault
set pfs group2
match address 101

interface Ethernet0/0
crypto map to-dublin-vault

access-list 101 permit ip host this-host-ip host remote-host-ip log

The racoon-tool.conf config looks like this:

# How to control the syslog level
# log: notify
log: debug

# some defaults
verify_identifier: on
nat_traversal: off
hash_algorithm[0]: sha1
authentication_method[0]: pre_shared_key
encryption_algorithm[0]: 3des

# IPSec between belfast-core-external & vault
peers_identifier: address

mode: tunnel
admin_status: enabled
compression: no

encryption_algorithm: 3des
authentication_algorithm: hmac_sha1
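
The numeric triple in the router's rejection line can be decoded with the IPsec DOI (RFC 2407) tables and compared with what the IOS config asks for. This is an added example, not part of the original post; the function names are illustrative, the tables are a subset of the DOI values, and DEBUG and CONFIG are taken from the post above.

```python
import re

# Numbers from the IPsec DOI (RFC 2407) as they appear in the IOS debug output.
PROTOCOLS = {2: "AH", 3: "ESP", 4: "IPCOMP"}
ESP_TRANSFORMS = {2: "DES", 3: "3DES", 11: "NULL", 12: "AES"}
AUTH_ALGS = {1: "HMAC-MD5", 2: "HMAC-SHA"}
ENCAPS = {1: "tunnel", 2: "transport"}
# IOS transform-set keywords mapped onto the same names (subset).
IOS_KEYWORDS = {"esp-des": ("cipher", "DES"), "esp-3des": ("cipher", "3DES"),
                "esp-md5-hmac": ("auth", "HMAC-MD5"),
                "esp-sha-hmac": ("auth", "HMAC-SHA")}

# Lines taken from the post above.
DEBUG = ("ISAKMP: encaps is 1\nISAKMP: group is 2\nIPSEC(validate_proposal): "
         "transform proposal (prot 3, trans 3, hmac_alg 2) not supported")
CONFIG = "crypto ipsec transform-set vault esp-3des esp-sha-hmac\nset pfs group2"

def _num(pattern, text):
    m = re.search(pattern, text)
    return int(m.group(1)) if m else None

def decode_rejected(debug_text):
    """Name the proposal that the 'not supported' debug line refers to."""
    m = re.search(r"prot (\d+), trans (\d+), hmac_alg (\d+)", debug_text)
    if m is None:
        return None
    prot, trans, hmac = (int(x) for x in m.groups())
    return {"protocol": PROTOCOLS.get(prot, f"unknown({prot})"),
            "cipher": (ESP_TRANSFORMS.get(trans) if prot == 3 else None)
                      or f"unknown({trans})",
            "auth": AUTH_ALGS.get(hmac, f"unknown({hmac})"),
            "encaps": ENCAPS.get(_num(r"encaps is (\d+)", debug_text)),
            "pfs_group": _num(r"group is (\d+)", debug_text)}

def parse_ios(config_text):
    """Pull cipher, auth and PFS group out of the crypto config lines."""
    cfg = {"cipher": None, "auth": None, "pfs_group": None}
    for line in config_text.splitlines():
        words = line.split()
        if words[:3] == ["crypto", "ipsec", "transform-set"]:
            for field, name in (IOS_KEYWORDS[w] for w in words[4:] if w in IOS_KEYWORDS):
                cfg[field] = name
        elif words[:2] == ["set", "pfs"] and len(words) == 3:
            cfg["pfs_group"] = int(words[2].replace("group", ""))
    return cfg

def mismatches(proposal, cfg):
    """Fields where the peer's proposal differs from the local config."""
    return [k for k in cfg if proposal.get(k) != cfg[k]]

print(decode_rejected(DEBUG), mismatches(decode_rejected(DEBUG), parse_ios(CONFIG)))
```

An empty mismatch list means the peer offered exactly the cipher, authenticator and PFS group that the transform set and crypto map lines configure.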