[Fwd: Re: [Openswan Users] Pluto not running???]

Ted Kaczmarek tedkaz at optonline.net
Wed Aug 18 09:24:41 CEST 2004


On Wed, 2004-08-18 at 09:04 +0100, Matthew Claridge wrote:
> on 17/08/2004 20:26 Paul Wouters said the following:
> 
> >On Tue, 17 Aug 2004, Matthew Claridge wrote:
> >
> >>turns out it's not trying to talk to a Cisco router at all - it's a Cisco 
> >>3000 series vpn concentrator...totally different configuration to the 
> >>standard Cisco commands.......
> >>
> >>anyone have any experience of these and a suitable config that might get 
> >>it working?
> >
> >Michael did some testing with this. His experience:
> >
> >You can do PSK.
> >You can do X.509.
> >You can do XAUTH with X.509.
> >You can do XAUTH with PSK if you have a static IP.
> >
> >You can not get it to do PSK with a random IP, because the XAUTH won't
> >work with the "default group" that the VPN3K has. It only works with
> >L2TP. This is a VPN3K bug.
> >
> >Paul
> >
> Thanks Paul, that at least is good news! The VPN3K admin and myself are 
> going to play around with this and debug it from the Cisco logs tomorrow 
> so we'll see how it goes.
> 
> Assuming we're just doing PSK, is there any special config required at 
> the Openswan end, or is the standard config I've got going to work?
> 
> One more question I thought of last night - is it possible to restrict 
> access across an openswan tunnel to only allow traffic in one direction, 
> or is this a job purely left to firewalls?
> 
> cheers
> Matt
> 
iptables, which I would hope one is running on their vpn box.

Ted
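
What the iptables answer above can look like for the one-direction question, as an added example that is not part of the original thread: a small shell function that prints FORWARD-chain rules for review before they are applied on the VPN gateway. The function name and both subnets are constructed for illustration, and it assumes tunnel traffic is routed through the gateway's FORWARD chain.

```shell
#!/bin/sh
# Added example: print iptables rules that let LOCAL_NET open connections
# to REMOTE_NET across the tunnel while refusing connections opened from
# the remote side. The subnets used at the bottom are constructed samples.

oneway_rules() {
    local_net=$1
    remote_net=$2
    # Accept only digits, dots and one slash, so a typo or stray text can
    # never end up as an extra iptables argument.
    for net in "$local_net" "$remote_net"; do
        case $net in
            ""|*[!0-9./]*|*/*/*) echo "bad CIDR: $net" >&2; return 1 ;;
            *.*.*.*/*) ;;
            *) echo "bad CIDR: $net" >&2; return 1 ;;
        esac
    done
    # Rules are appended (-A), so they take effect after anything already
    # in FORWARD; check the existing chain order before applying.
    cat <<EOF
# Replies belonging to connections that were already allowed.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections only from the local side towards the remote side.
iptables -A FORWARD -s $local_net -d $remote_net -m conntrack --ctstate NEW -j ACCEPT
# Anything else from the remote side: log it, then drop it.
iptables -A FORWARD -s $remote_net -d $local_net -j LOG --log-prefix "vpn-inbound-denied: "
iptables -A FORWARD -s $remote_net -d $local_net -j DROP
EOF
}

# Constructed sample subnets; the output is only printed, never applied.
oneway_rules 10.1.0.0/24 10.2.0.0/24
```

Because the ESTABLISHED,RELATED rule comes first, return traffic for locally initiated connections still passes, and the log prefix gives a line to look for when the remote side tries to initiate.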
