<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2802" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hello, I am trying to configure a VPN net-net
connection between Openswan and a Cisco concentrator.</FONT></DIV>
<DIV><FONT face=Arial size=2>The connection establishes OK but I can't route
packets.</FONT></DIV>
<DIV><FONT face=Arial size=2>The topology is</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial
size=2>10.242.192.0/27-----195.55.11.30-----------------------------------------212.89.0.28-----10.10.2.0/23</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>This is a copy of the conn in
/etc/ipsec.conf</FONT></DIV>
<DIV><PRE>conn vpn-net
    # Left security gateway, subnet behind it, nexthop toward right.
    type= tunnel
    authby=secret
    keyingtries=1
    keyexchange=ike
    esp=3des-md5-96
    pfs=yes
    left=195.55.11.30
    leftsubnet=10.242.192.0/27
    leftnexthop=%defaultroute
    # Right security gateway, subnet behind it, nexthop toward left.
    right=212.89.0.28
    rightsubnet=10.10.2.0/23
    rightnexthop=%defaultroute
    # To authorize this connection, but not actually start it,
    # at startup, uncomment this.
    auto=start
</PRE></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I receive the message "IPSec SA established" but I can't
route.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>"route -n" shows this</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><PRE>Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.242.192.0    0.0.0.0         255.255.255.224 U     0      0        0 eth1
195.55.11.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.10.2.0       195.55.11.1     255.255.254.0   UG    0      0        0 eth0
0.0.0.0         195.55.11.1     0.0.0.0         UG    0      0        0 eth0
</PRE></DIV>
<DIV><FONT face=Arial size=2>If I try "route add -net 10.10.2.0 netmask
255.255.254.0 gw 212.89.0.28" I receive the message "Network is
unreachable".</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>How could I route packets to the remote
VPN?</FONT></DIV>
<DIV><FONT face=Arial size=2>Thank you</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>JOSE</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML>