[Openswan Users] Nat traversal & Cisco Pix

Jeroen Geusebroek j.geusebroek at intellit.nl
Mon Jan 31 23:22:24 CET 2005

Hi there,

I'm trying to accomplish a vpn tunnel between my home and work network.


Home: SuSe 9.1 (2.6.5-7.111.30)/openswan-2.3.0/router with udp 500/4500 and ESP forwarded to the SuSe machine.

Work: Cisco Pix 6.3(1) no natting.


The router I have is actually also a cisco (827) and I can without any problems create a VPN between home and work. But because of the slow CPU of the 827 I can only have 40kb/s using 3DES and 80kb/s using DES. This is why I would love to try openswan to manage the VPN connections.

The CISCO pix supports NAT-T and I have it enabled so that (I hope) should not be a problem.

Pix conf:

access-list home permit ip
access-list home permit ip

crypto ipsec transform-set vpnset2 esp-3des esp-sha-hmac

crypto map vpnmap1 300 ipsec-isakmp
crypto map vpnmap1 300 match address home
crypto map vpnmap1 300 set peer ***.***.***.***
crypto map vpnmap1 300 set transform-set vpnset2

isakmp key ******** address ***.***.***.*** netmask no-xauth

isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

I have tried some configurations for openswan but can't get it to work and
wondering if someone could help me with the config for openswan. To be
I have little or no clue about ipsec, but I am trying to learn which is why
would like this server to be working ;)


Jeroen Geusebroek
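
The Pix parameters quoted in the post, mapped onto an Openswan 2.x connection definition. This is an added example, not part of the original post; the connection name, `left=%defaultroute`, `auto=start` and every upper-case value are assumptions or placeholders, because the post masks the addresses, subnets and key.

```conf
# /etc/ipsec.conf on the home Openswan machine (added example)
version 2.0

config setup
    # The home machine sits behind a NAT router, so NAT-T (ESP in UDP 4500)
    # is needed; the post says it is enabled on the Pix as well.
    nat_traversal=yes

# Connection name is an assumption.
conn home-to-work
    type=tunnel
    keyexchange=ike
    # Pix: isakmp policy 10 authentication pre-share
    authby=secret
    # Pix: isakmp policy 10 encryption 3des / hash sha / group 2
    # (Diffie-Hellman group 2 is the 1024-bit MODP group)
    ike=3des-sha1-modp1024
    # Pix: crypto ipsec transform-set vpnset2 esp-3des esp-sha-hmac
    esp=3des-sha1
    # The crypto map in the post has no "set pfs" line, so PFS stays off.
    pfs=no
    # Home side. %defaultroute picks the address of the interface that
    # holds the default route (assumption: that is the NATed interface).
    left=%defaultroute
    # Placeholders: the two subnets must mirror the "access-list home"
    # entries on the Pix, which are cut off in the post.
    leftsubnet=HOME_SUBNET/MASK
    # Work side: public address of the Pix (placeholder).
    right=PIX_PUBLIC_IP
    rightsubnet=WORK_SUBNET/MASK
    auto=start

# /etc/ipsec.secrets is a separate file and must carry the same key as the
# Pix "isakmp key" line (placeholder value):
#   PIX_PUBLIC_IP %any : PSK "SAME_KEY_AS_ON_PIX"
```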
