<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>you probably want something like rightsubnet=vhost:%priv<br><br>sent from a tiny device </div><div><br>On 2013-08-05, at 15:10, Giovanni Carbone <<a href="mailto:G.Carbone@reitek.com">G.Carbone@reitek.com</a>> wrote:<br><br></div><blockquote type="cite"><div>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style>
<!--
@font-face
        {font-family:"Cambria Math"}
@font-face
        {font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
        {color:#0563C1;
        text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
        {color:#954F72;
        text-decoration:underline}
span.EmailStyle17
        {font-family:"Arial","sans-serif";
        color:windowtext}
.MsoChpDefault
        {font-family:"Calibri","sans-serif"}
@page WordSection1
        {margin:70.85pt 2.0cm 2.0cm 2.0cm}
div.WordSection1
        {}
-->
</style>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Arial","sans-serif"">Hi,</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:"Arial","sans-serif""> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt; font-family:"Arial","sans-serif"">i’m having a little issue with a tunnel (PSK auth) with a Cisco ASA behind a nat. The tunnels goes up and everything works only if I set the rightid with the
private IP of the ASA (I think it’s the way it is supposed to work).</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt; font-family:"Arial","sans-serif""> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt; font-family:"Arial","sans-serif"">The problem is the other end doesn’t want me to have one of their private IPs configured statically on my side; they may change it “anytime” and they don’t want
to have to notify me of this change in order to keep up the tunnel (they say that they have many other tunnels working without having to deal with the ASA’s private IP on the other end).</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt; font-family:"Arial","sans-serif""> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt; font-family:"Arial","sans-serif"">So, is there a way to tell Openswan to work only with the ASA’s public IP?</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt; font-family:"Arial","sans-serif""> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt; font-family:"Arial","sans-serif"">Best regards,</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt; font-family:"Arial","sans-serif""> </span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:10.0pt; font-family:"Arial","sans-serif"">Giovanni.</span><span style="color:#333333"></span></p>
<p class="MsoNormal"> </p>
</div>
<p style="margin-bottom:7.0pt; margin-top:0.0pt"><span lang="IT-IT" style="font-size:8.0pt; font-family:'Arial',sans-serif; color:#535353; font-style:italic"><br>
<br>
<br>
Informativa Privacy - Ai sensi del D. Lgs n. 196/2003 (Codice Privacy) precisiamo che le informazioni contenute in questo messaggio sono riservate e a uso esclusivo del destinatario. Ogni uso, copia o distribuzione non autorizzata è proibita e passibile di
sanzioni ai termini di legge. Reitek non è responsabile di eventuali copie o distribuzioni non autorizzate. Se questo messaggio è stato ricevuto per errore, preghiamo gentilmente di eliminarlo e di informare il mittente. Grazie.
</span></p>
<p style="margin-top:7.0pt"><span lang="IT-IT" style="font-size:8.0pt; font-family:'Arial',sans-serif; color:#535353; font-style:italic"></span></p>
</div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br><span><a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a></span><br><span><a href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a></span><br><span>Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a></span><br><span>Building and Integrating Virtual Private Networks with Openswan:</span><br><span><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></span><br></div></blockquote></body></html>