Subject: Re: IPsec and key length
To: Secret Asian Man <cchen@nougat.org>
From: Jun-ichiro itojun Hagino <itojun@iijlab.net>
List: current-users
Date: 06/13/2000 12:33:04
>On Tue, Jun 13, 2000 at 12:16:23PM +0900, Jun-ichiro itojun Hagino wrote:
>>if cisco document mentions "pre-shared key", that is for use with
>>IKE (ipsec key negotiation protocol). you need to bring in
>>pkgsrc/security/racoon.
>>setkey is for "manual keys" (<-> automatic negotiation by IKE).
>Okay, so even if they set the key manually on the router (via crypto isakmp
>key <longstring> address <myaddr>) I get to use IKE?
there are three things:
- manual keying
  uses a static IPsec key. setkey(8) comes in here
- IKE with pre-shared keys
  authenticate peer with shared secret, establish IPsec key
  dynamically
- IKE with certificates
  authenticate peer with RSA/whatever certificate, establish
  IPsec key dynamically
your cisco is definitely doing the second option. you need to use
pkgsrc/security/racoon for the NetBSD side.
itojun
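For the second option above, an added illustration (not itojun's text, not from the thread) of what the NetBSD side looks like: a racoon.conf that authenticates the peer with a pre-shared key, the psk.txt it reads, and the setkey policy that still has to be loaded even though the SA keys now come from IKE. The addresses 192.0.2.1 (the cisco) and 192.0.2.2 (the NetBSD host), transport mode, the file paths and the secret are all constructed assumptions.

```conf
# --- /etc/racoon/racoon.conf (assumed path) ---
# Phase 1: authenticate the peer with the shared secret, the racoon
# counterpart of "crypto isakmp key <secret> address <peer>" on the cisco.
path pre_shared_key "/etc/racoon/psk.txt";

remote 192.0.2.1 {
        exchange_mode main;
        my_identifier address;
        lifetime time 24 hour;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

# Phase 2: parameters of the IPsec SAs racoon installs in the kernel.
# The ESP keys themselves are derived during the exchange and never
# appear in any file.
sainfo anonymous {
        pfs_group 2;
        lifetime time 1 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}

# --- /etc/racoon/psk.txt (keep it mode 0600) ---
# peer identifier, whitespace, secret; must match the cisco side byte for byte
192.0.2.1 constructed-example-secret

# --- /etc/ipsec.conf (assumed path), loaded with "setkey -f /etc/ipsec.conf" ---
# With IKE, setkey still defines the policy (spdadd) that tells the kernel
# which traffic requires ESP; what disappears are the "add" lines carrying
# static keys, because racoon now supplies the SAs on demand.
spdadd 192.0.2.2/32 192.0.2.1/32 any -P out ipsec esp/transport//require;
spdadd 192.0.2.1/32 192.0.2.2/32 any -P in  ipsec esp/transport//require;
```

The first packet matching the "require" policy makes the kernel ask racoon for an SA, which is when the phase 1 exchange with the pre-shared key happens.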