[Openswan Users] PIX 515 6.3.3 to Openswan 2.1.4 FC1 success
Ted Kaczmarek
tedkaz at optonline.net
Sat Jul 17 10:56:30 CEST 2004
Attached is a working pre-shared key FC1 to Openswan config,
Cisco PIX 515, version 6.3.3 Openswan 2.1.4.
Ted
-------------- next part --------------
Cisco Pix Side
access-list no-nat permit ip host 10.100.1.77 host 172.16.21.22
access-list 114 permit ip host 10.100.1.77 host 172.16.21.22
crypto ipsec transform-set esp-3d-esp-md5-hma esp-3des esp-md5-hmac
crypto map tunnels 14 ipsec-isakmp
crypto map tunnels 14 match address 114
crypto map tunnels 14 set pfs group2
crypto map tunnels 14 set peer 67.80.149.98
crypto map tunnels 14 set transform-set esp-3d-esp-md5-hma
isakmp key ******** address 67.80.149.98 netmask 255.255.255.255 no-xauth no-config-mode
Not sure if this is needed but it can't hurt :-)
isakmp peer ip 67.80.149.98 no-xauth
Fedora Core 1 Side
kernel-module-openswan-2.4.22-1.2197.nptl-2.1.4-1.1.fc1.dag.i686.rpm
openswan-utils-2.1.4-1.1.fc1.dag.i386.rpm

ipsec.conf

config setup
        klipsdebug=none
        plutodebug=none

conn pix
        left=67.80.149.98
        leftnexthop=67.80.112.1
        leftsubnet=172.16.21.22/32
        right=69.115.247.126
        rightnexthop=69.115.247.125
        rightsubnet=10.100.1.77/32
        auth=esp
        esp=3des-md5-96
        keyexchange=ike
        pfs=no
        authby=secret
        auto=start

ipsec.secrets

67.80.149.98 69.115.247.126: PSK "mykey"

Linux Host     -- Linux Router   -- Next hop       -- Net -- Pix Next Hop   -- Pix 515        -- Remote Host
172.16.21.22      67.80.149.98      67.80.112.1              69.115.247.125    69.115.247.126    10.100.1.77
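
Added example, not part of the original post: a small Python check that the PIX crypto ACL, peer and transform-set agree with the Openswan conn, since the two ends must describe the same hosts and transforms for the tunnel to negotiate. The embedded configs are constructed from the addresses in the diagram above; the NAMES keyword map and the function names are assumptions of this example.

```python
import re

# Constructed sample input, modelled on the two configs in the post.
PIX = """\
access-list 114 permit ip host 10.100.1.77 host 172.16.21.22
crypto ipsec transform-set esp-3d-esp-md5-hma esp-3des esp-md5-hmac
crypto map tunnels 14 match address 114
crypto map tunnels 14 set peer 67.80.149.98
crypto map tunnels 14 set transform-set esp-3d-esp-md5-hma
"""
CONN = """\
conn pix
    left=67.80.149.98
    leftsubnet=172.16.21.22/32
    right=69.115.247.126
    rightsubnet=10.100.1.77/32
    esp=3des-md5-96
"""
# Assumed keyword map for this example: PIX transform -> Openswan esp= token.
NAMES = {"esp-3des": "3des", "esp-md5-hmac": "md5", "esp-sha-hmac": "sha1"}

def parse_conn(text):
    """Return the key=value pairs of an ipsec.conf conn section."""
    return dict(l.strip().split("=", 1) for l in text.splitlines() if "=" in l)

def parse_pix(text):
    """Follow the crypto map to its ACL and transform-set definitions."""
    acl = re.search(r"match address (\S+)", text).group(1)
    tset = re.search(r"set transform-set (\S+)", text).group(1)
    src, dst = re.search(
        rf"access-list {re.escape(acl)} permit ip host (\S+) host (\S+)", text).groups()
    xf = re.search(rf"transform-set {re.escape(tset)} (.+)", text).group(1).split()
    return {"peer": re.search(r"set peer (\S+)", text).group(1),
            "local": src, "remote": dst, "transforms": xf}

def mismatches(pix_text, conn_text):
    """List settings where the two ends disagree (empty list = consistent)."""
    pix, conn = parse_pix(pix_text), parse_conn(conn_text)
    host = lambda subnet: subnet.split("/")[0]  # host-to-host (/32) tunnels only
    want = {"peer": conn["left"], "local": host(conn["rightsubnet"]),
            "remote": host(conn["leftsubnet"])}
    bad = [f"{k}: PIX {pix[k]} != Openswan {v}" for k, v in want.items() if pix[k] != v]
    esp = set(conn["esp"].split("-")[:2])  # cipher and hash, ignoring the -96 suffix
    if {NAMES.get(t, t) for t in pix["transforms"]} != esp:
        bad.append(f"transform: PIX {pix['transforms']} != Openswan esp={conn['esp']}")
    return bad

if __name__ == "__main__":
    print(mismatches(PIX, CONN) or "both ends agree")
```
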