<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:595.3pt 841.9pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:1034380639;
mso-list-type:hybrid;
mso-list-template-ids:804683376 1083344470 201916419 201916421 201916417 201916419 201916421 201916417 201916419 201916421;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Arial;
mso-fareast-font-family:"Times New Roman";}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
</head>
<body lang=EN-AU link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Can anyone suggest the best way to do the following or point
me in the direction of a guide? (I’ve been searching Google and the lists
for a while and haven’t found anything that fits quite right)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I would like to setup an OpenSWAN server that will allow
net-to-net connections from remote sites using various models of Cisco routers.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The current situation:-<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><span
style='mso-list:Ignore'>-<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>I’ve managed to get a
net-to-net tunnel working between my OpenSWAN server and a Cisco 877 using PSK
and setting the IP addresses for both ends statically<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><span
style='mso-list:Ignore'>-<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>The routers I want to connect with
all have the appropriate firmware (support 3DES etc) and are various models
(837, 877, 1841, etc, etc)<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><span
style='mso-list:Ignore'>-<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>The routers have public IP
addresses, and are not behind NAT, however they are *<b><span style='font-weight:
bold'>not</span></b>* using static IP addresses. Whilst they usually stay the
same for a while, it’s not guaranteed, and would be too difficult to keep
track of changes due to the quantity involved.<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><span
style='mso-list:Ignore'>-<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>My OpenSWAN server has a public,
static IP address, and is not behind NAT (nor yet behind firewall, but will be
when I’ve got it working)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>The issues/questions:-<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><span
style='mso-list:Ignore'>-<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Each connection is for a net-to-net…
I have a private subnet on the internal side of each Cisco that I need to route
through to various subnets behind the OpenSWAN box.<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><span
style='mso-list:Ignore'>-<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>I need to be able to have different
authentication for each site… so if I’m using right = %any, I assume
that I cannot use PSK, unless I want to give everyone the same key<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><span
style='mso-list:Ignore'>-<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>Do I need to use authby = rsasig, or
is there a better / simpler way of setting it up so that I can have a different
“login” for each client.<o:p></o:p></span></font></p>
<p class=MsoNormal style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:10.0pt;font-family:Arial'><span
style='mso-list:Ignore'>-<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2 face=Arial><span
style='font-size:10.0pt;font-family:Arial'>If I have to use rsasig, can anyone
point me in the direction of how to setup the Cisco end of things?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Thanks in advance for your help.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Aleks Huson<o:p></o:p></span></font></p>
</div>
</body>
</html>