[Fwd: Re: [Openswan Users] Pluto not running???]
Matthew Claridge
mclaridge at rwa-net.co.uk
Wed Aug 18 10:04:53 CEST 2004
on 17/08/2004 20:26 Paul Wouters said the following:
>On Tue, 17 Aug 2004, Matthew Claridge wrote:
>
>>turns out it's not trying to talk to a Cisco router at all - it's a Cisco
>>3000 series VPN concentrator...totally different configuration to the
>>standard Cisco commands.......
>>
>>anyone have any experience of these and a suitable config that might get
>>it working?
>
>Michael did some testing with this. His experience:
>
>You can do PSK.
>You can do X.509.
>You can do XAUTH with X.509.
>You can do XAUTH with PSK if you have a static IP.
>
>You can not get it to do PSK with a random IP, because the XAUTH won't
>work with the "default group" that the VPN3K has. It only works with
>L2TP. This is a VPN3K bug.
>
>Paul
>
Thanks Paul, that at least is good news! The VPN3K admin and I are
going to play around with this and debug it from the Cisco logs tomorrow
so we'll see how it goes.

Assuming we're just doing PSK, is there any special config required at
the Openswan end, or is the standard config I've got going to work?

One more question I thought of last night - is it possible to restrict
access across an Openswan tunnel to only allow traffic in one direction,
or is this a job purely left to firewalls?

cheers
Matt