heh woops, those also's should be =organizationx<br><br><div class="gmail_quote">On Fri, Apr 30, 2010 at 1:03 PM, George Alexander <span dir="ltr"><<a href="mailto:alexanderthegeorge@gmail.com">alexanderthegeorge@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">You just have to make two tunnels, or tell them to nat once the packets
arrive on their side.<br>
Like so:<br>
<br>
conn organizationx-intranet-server<br>
also=mcmc<br>
rightsubnet=10.98.98.30/32<br>
<br>
conn organizationx-as400<br>
also=mcmc<br>
rightsubnet=10.1.2.13/32<br>
<br>
conn organizationx<br>
type=tunnel<br>
auto=add<br>
auth=esp<br>
pfs=no<br>
authby=secret<br>
keyingtries=0<br>
left=EXTERNAL.IP<br>
leftsubnet=172.25.25.2/32<br>
right=EXTERNAL.IP<br>
aggrmode=no<br>
esp=3des-sha1<br>
keyexchange=ike<br>
ike=3des-sha1-modp1024<br>
keylife=28800<br>
ikelifetime=86400<br>
<br>
<br>
then<br>
ipsec auto --add organizationx-intranet-server<br>
ipsec auto --add organizationx-as400<br>
<br>
And now you've got 2 tunnels...<br><br><div class="gmail_quote"><div><div></div><div class="h5">On Fri, Apr 30, 2010 at 9:07 AM, Perry, Michael <span dir="ltr"><<a href="mailto:mperry@telegenuk.com" target="_blank">mperry@telegenuk.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div><div></div><div class="h5">
<div link="blue" vlink="purple" lang="EN-GB">
<div>
<p class="MsoNormal">How do I configure Openswan to permit access from a
destination network with multiple subnets? Since one is in the 10.x range and
the other is in the 192.x range wouldn’t the only shared subnet be the
whole internet?</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I tried configuring multiple subnets in the rightsubnet= section
which raised errors so I tried creating two separate connections. This looked
promising as [service ipsec status] reported two tunnels, however when the
destination network made any connection attempts it could not locate a policy
to match against.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">What seemed to happen was that it would try to match to the
first connection only.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thanks, Mike. </p>
</div>
</div>
<br></div></div>_______________________________________________<br>
<a href="mailto:Users@openswan.org" target="_blank">Users@openswan.org</a><br>
<a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
<br></blockquote></div><br>
</blockquote></div><br>
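Added example (not part of the original messages, and not Openswan code): a short Python check that resolves `also=` includes in ipsec.conf-style `conn` sections and reports the subnet pair each tunnel ends up with, flagging any `also=` that names no section in the file. The sample is constructed from the config quoted above with one `also=mcmc` left in on purpose; the function names are hypothetical, and letting a section's own keys override inherited ones is an assumption of this sketch.

```python
SAMPLE = """\
conn organizationx-intranet-server
    also=organizationx
    rightsubnet=10.98.98.30/32
conn organizationx-as400
    also=mcmc
    rightsubnet=10.1.2.13/32
conn organizationx
    left=EXTERNAL.IP
    leftsubnet=172.25.25.2/32
"""  # constructed sample; also=mcmc points at a section that is not defined

def parse_conns(text):
    """Return {conn_name: [(key, value), ...]} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], [])
        elif current is not None and "=" in line:
            current.append(tuple(p.strip() for p in line.split("=", 1)))
    return conns

def resolve(conns, name, seen=()):
    """Merge keys pulled in through also=; return (settings, problems)."""
    if name in seen:
        return {}, [f"also= loop through {name}"]
    settings, own, problems = {}, {}, []
    for key, value in conns[name]:
        if key != "also":
            own[key] = value
        elif value not in conns:
            problems.append(f"{name}: also={value} names no conn section")
        else:
            inherited, nested = resolve(conns, value, seen + (name,))
            settings.update(inherited)
            problems += nested
    settings.update(own)  # assumption: the section's own keys take precedence
    return settings, problems

def audit(text):
    """Map each conn to (leftsubnet, rightsubnet, problems)."""
    conns = parse_conns(text)
    resolved = {name: resolve(conns, name) for name in conns}
    return {n: (c.get("leftsubnet"), c.get("rightsubnet"), p)
            for n, (c, p) in resolved.items()}

if __name__ == "__main__":
    for name, row in audit(SAMPLE).items():
        print(name, *row)
```

A conn whose `also=` does not resolve shows up with no `leftsubnet`, so it cannot describe the same local/remote pair as its sibling tunnel.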