[Fwd: Re: [Openswan Users] Pluto not running???]
tedkaz at optonline.net
Wed Aug 18 09:24:41 CEST 2004
On Wed, 2004-08-18 at 09:04 +0100, Matthew Claridge wrote:
> on 17/08/2004 20:26 Paul Wouters said the following:
> >On Tue, 17 Aug 2004, Matthew Claridge wrote:
> >>turns out it's not trying to talk to a Cisco router at all - it's a Cisco
> >>3000 series VPN concentrator...totally different configuration to the
> >>standard Cisco commands.......
> >>anyone have any experience of these and a suitable config that might get
> >>it working?
> >Michael did some testing with this. His experience:
> >You can do PSK.
> >You can do X.509.
> >You can do XAUTH with X.509.
> >You can do XAUTH with PSK if you have a static IP.
> >You can not get it to do PSK with a random IP, because the XAUTH won't
> >work with the "default group" that the VPN3K has. It only works with
> >L2TP. This is a VPN3K bug.
> Thanks Paul, that at least is good news! The VPN3K admin and myself are
> going to play around with this and debug it from the Cisco logs tomorrow
> so we'll see how it goes.
> Assuming we're just doing PSK, is there any special config required at
> the Openswan end, or is the standard config I've got going to work?
> One more question I thought of last night - is it possible to restrict
> access across an openswan tunnel to only allow traffic in one direction,
> or is this a job purely left to firewalls?
iptables, which I would hope one is running on their vpn box.
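
The iptables answer above, illustrated with an added example that is not part of the original thread: a rule generator that lets one side open connections through the tunnel while the other side only gets replies. It assumes a NETKEY (kernel 2.6+) IPsec stack where the iptables `policy` match is available; the function names, the `VPN_ONEWAY` chain and the subnets are constructed for illustration.

```shell
#!/bin/sh
# Added example: one-way filtering of traffic forwarded through an IPsec tunnel.
# Assumption: NETKEY stack, so "-m policy" can tell IPsec-protected packets
# from cleartext. Chain name and subnets are constructed placeholders.

# is_cidr4 ADDR: accept only the dotted-quad/prefix shape (octet range is not
# checked), so no other characters ever reach the generated rules.
is_cidr4() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# oneway_rules LOCAL_NET REMOTE_NET
# Prints an iptables-restore fragment: LOCAL_NET may open connections to
# REMOTE_NET through the tunnel; REMOTE_NET only gets replies back.
# Load with:  oneway_rules A B | iptables-restore --noflush
# Hook in:    iptables -I FORWARD -j VPN_ONEWAY
oneway_rules() {
    local_net=${1-}
    remote_net=${2-}
    is_cidr4 "$local_net" && is_cidr4 "$remote_net" || {
        echo "usage: oneway_rules LOCAL_CIDR REMOTE_CIDR" >&2
        return 1
    }
    cat <<EOF
*filter
:VPN_ONEWAY - [0:0]
# Outbound: accepted only if the packet will leave IPsec-protected.
-A VPN_ONEWAY -s $local_net -d $remote_net -m policy --dir out --pol ipsec -j ACCEPT
# Inbound: only replies to flows the local side started.
-A VPN_ONEWAY -s $remote_net -d $local_net -m policy --dir in --pol ipsec -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Everything else between the two nets (remote-initiated or cleartext) is dropped.
-A VPN_ONEWAY -s $remote_net -d $local_net -j DROP
-A VPN_ONEWAY -s $local_net -d $remote_net -j DROP
COMMIT
EOF
}
```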