Setting up a VPN between OpenBSD 4.5 and Cisco PIX

The original of this HOWTO was here: OpenBSD – PIX ISAKMP VPN

Setting up an ISAKMP VPN tunnel between OpenBSD 4.5 and Cisco PixConfiguration:  Site A:    OpenBSD 4.5    Internal Network: 192.168.0.0/24    External IP: 1.1.1.1  Site B:    Cisco Pix 6.1    Internal Network: 10.0.0.0/8    External IP: 2.2.2.2  VPN parameters:    Shared Secret: theSecret    Encryption Algorith: 3DES    Hash Algorith: SHA    Diffie-Helman Group: 2 (1024bit)========================================================================Pix Configuration:access-list to_siteA permit ip 10.0.0.0 255.0.0.0 192.168.0.0 255.255.255.0access-list no_nat   permit ip 10.0.0.0 255.0.0.0 192.168.0.0 255.255.255.0sysopt connection permit-ipseccrypto ipsec transform-set myset esp-3des esp-sha-hmaccrypto map newmap 10 ipsec-isakmpcrypto map newmap 10 match address to_siteAcrypto map newmap 10 set peer 1.1.1.1crypto map newmap 10 set transform-set mysetcrypto map newmap interface outsideisakmp enable outsideisakmp key theSecret address 1.1.1.1 netmask 255.255.255.255isakmp identity addressisakmp policy 10 authentication pre-shareisakmp policy 10 encryption 3desisakmp policy 10 hash shaisakmp policy 10 group 2isakmp policy 10 lifetime 1000========================================================================OpenBSD config:/etc/ipf.rules# Adjust for your particular packet filtering setup and NICpass   in  quick on ep0 proto esp from any to 1.1.1.1pass   in  quick on ep0 proto udp from any to 1.1.1.1 port = 500/etc/isakmpd/isakmpd.conf[General]Retransmits=\t\t\t5Exchange-max-time=\t\t120Listen-on=\t\t\t1.1.1.1Default-Phase2-Lifetime=        3600,80:86400[Phase 1]2.2.2.2=\t\t\tSiteBPix[Phase 2]Connections=\t\t\tSiteA-SiteB-10[SiteBPix]Phase=\t\t\t\t1Transport=\t\t\tudpLocal-address=\t\t\t1.1.1.1Address=\t\t\t2.2.2.2Configuration=\t\t\tDefault-main-modeAuthentication=\t\t\ttheSecret[SiteA-SiteB-10]Phase=\t\t\t\t2ISAKMP-peer=\t\t\tSiteBPixConfiguration=\t\t\tDefault-quick-modeLocal-ID=\t\t\tNet-SiteARemote-ID=\t\t\tNet-SiteB-10[Net-SiteA]ID-type=\t\t\tIPV4_ADDR_SUBNETNetwork=\t\t\t192.168.0.0Netmask=\t\t\t255.255.255.0[Net-SiteB-10]ID-type=\t\t\tIPV4_ADDR_SUBNETNetwork=\t\t\t10.0.0.0Netmask=\t\t\t255.0.0.0[Default-main-mode]DOI=\t\t\t\tIPSECEXCHANGE_TYPE=\t\t\tID_PROTTransforms=\t\t\t3DES-SHA[Default-quick-mode]DOI=\t\t\t\tIPSECEXCHANGE_TYPE=\t\t\tQUICK_MODESuites=\t\t\t\tQM-ESP-3DES-SHA-PFS-SUITE[DES-SHA]GROUP_DESCRIPTION=\t\tMODP_1024[QM-ESP-3DES-SHA-PFS-SUITE]GROUP_DESCRIPTION=\t\tMODP_1024/etc/isakmpd/isakmpd.policyKeyNote-Version: 2Authorizer: "POLICY"