[Openswan Users] Only getting traffic oneway from Openswan to Cisco VPN3060

Shane Hickey shane at howsyournetwork.com
Fri Feb 11 11:11:56 CET 2005


"Eaton, Andy" <Andy at seas.wustl.edu> [2005-02-11 12:03]:
> I think you are going to have to enable rip on your internal interface of
> the cisco 3060 and then under the routing section of the lan-to-lan do
> RRI, reverse route injection.  That will give the cisco a route to
> your network. You can check it under monitoring and then routing
> table.  Got this from the cisco documentation.

While I am definitely interested in RRI, I currently have a static route in for my network.  The static route is for the 10.252.238.0 network and it tells the concentrator that the next hop is the concentrator's gateway on its outside interface.  This same concentrator is terminating connections from about 50 cisco routers and we are doing similar static routes for those remote networks as well.  So, I know that what I'm trying to do should work.  The real kicker is that I can remember bi-directional traffic working in the past for my setup, but I haven't tried it in ages and now it doesn't work.  It might have been working when I was using a 2.4 kernel on the laptop firewall machine?

> On a side note, I am running 4.1.7.B-k9.bin. I establish a connection
> with the vpn concentrator but my tunnels show unrouted with ipsec auto
> --status and no tunnels up with /etc/init.d/ipsec status. I still have
> no idea why this won't work.

If you'd like to contact me, off-list, I can run some debugs on my stuff and we can figure out the difference between your setup and mine?  Then we could summarize to the list if we were able to solve it?

Thanks,

Shane

-- 
Shane Hickey <shane at howsyournetwork.com>: Network/System Consultant
GPG KeyID: 777CBF3F
Key fingerprint: 254F B2AC 9939 C715 278C  DA95 4109 9F69 777C BF3F

