
There are plenty of pages on the web that tell you how to create an IPSec VPN between Linux and a Cisco PIX 501 (an entry-level firewall product); however, none of them tell you enough, or explain why half the settings are as they are.

The best example I've found so far is http://www.johnleach.co.uk/documents/freeswan-pix/freeswan-pix.html (very recent page - good work Google!). However, it specifies configs, which weren't enough information to get everything working.

1. Compile a kernel with IPSec support

This is nicely covered on the IPSecInstallation page. A Debian summary:

apt-get install kernel-patch-freeswan
cd /usr/src/linux
export PATCH_THE_KERNEL=yes
make-kpkg --revision=ipsec.1.0 kernel_image

2. Get FreeS/WAN

apt-get install freeswan

3. Configure FreeS/WAN

Here is my FreeS/WAN configuration and explanation.

# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload="tunnelipsec"

conn tunnelipsec
        type=tunnel
        left=202.0.45.170
        leftnexthop=202.0.45.190
        leftsubnet=10.69.1.0/24
        right=203.97.9.162
        rightnexthop=203.97.9.161
        rightsubnet=10.7.3.0/24
        esp=3des-md5-96
        keyexchange=ike
        pfs=no
        auto=add

The interfaces line tells ipsec to use the IP address of the interface that the default route is on: this is similar to the "ipsec0:eth0" form that some configurations recommend, but this one works. While setting your connection up, you might want to set klipsdebug (KLIPS, Kernel IP Security) and plutodebug (pluto, the IPsec keying daemon) to "all".

The connection is named tunnelipsec and is of type tunnel (ESP in tunnel mode).

Your Linux machine is the left end of a network that will eventually look like this:

10.69.1.0/24===202.0.45.170---202.0.45.190...203.97.9.161---203.97.9.162===10.7.3.0/24

You need to specify the next hop in each direction (a silly thing perhaps, since you can specify %defaultroute etc. again, but it doesn't hurt to fill them in).

esp sets the ESP parameters. These must be the same encryption and hashing algorithms that you specify in the isakmp lines of the PIX config below.

keyexchange selects IKE (Internet Key Exchange) and can be set to nothing else. pfs is Perfect Forward Secrecy and needs to be set to no. auto=add means that when ipsec starts, this connection is automatically loaded into pluto (but this will not automatically bring the tunnel up).
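As an added example (not from the original page or from FreeS/WAN), the following Python reads a conn in this ipsec.conf format, checks the settings the text above says are required, and renders the same left===...===right diagram so you can compare it with the one drawn earlier; the transform string passed to check_conn is an assumption standing in for what the PIX side is configured with.

```python
import ipaddress

# Constructed, abridged copy of the conn shown on this page (FreeS/WAN format:
# unindented section headers, indented name=value parameters).
SAMPLE_CONF = """\
conn tunnelipsec
        type=tunnel
        left=202.0.45.170
        leftnexthop=202.0.45.190
        leftsubnet=10.69.1.0/24
        right=203.97.9.162
        rightnexthop=203.97.9.161
        rightsubnet=10.7.3.0/24
        esp=3des-md5-96
        keyexchange=ike
        pfs=no
        auto=add
"""


def parse_ipsec_conf(text):
    """Map (kind, name) -> {param: value}; '#' comments and blank lines skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():                      # section header line
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
        else:                                          # indented parameter line
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip().strip('"')
    return sections


def check_conn(conn, pix_transform):
    """List problems with a conn against the rules stated on the page; [] if none.
    pix_transform is the ESP cipher-hash the PIX is set to (assumed, not from the page)."""
    problems = []
    for side in ("left", "right"):
        ipaddress.ip_address(conn[side])               # ValueError if malformed
        ipaddress.ip_network(conn[side + "subnet"], strict=True)
    for key, want in (("type", "tunnel"), ("keyexchange", "ike"), ("pfs", "no")):
        if conn.get(key) != want:
            problems.append("%s must be %s" % (key, want))
    if conn.get("esp") != pix_transform:
        problems.append("esp %r does not match PIX %r" % (conn.get("esp"), pix_transform))
    return problems


def diagram(conn):
    """Render the conn in the left===...===right notation used on this page."""
    return ("{leftsubnet}==={left}---{leftnexthop}..."
            "{rightnexthop}---{right}==={rightsubnet}").format(**conn)
```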