[Openswan Users] Nat traversal & Cisco Pix
j.geusebroek at intellit.nl
Mon Jan 31 23:22:24 CET 2005

I'm trying to accomplish a VPN tunnel between my home and work network.

Home: SuSE 9.1 (2.6.5-7.111.30)/openswan-2.3.0/router with udp 500/4500 and
to the SuSE machine.
Work: Cisco Pix 6.3(1) no natting.

The router I have is actually also a Cisco (827) and I can without any
problems create a VPN between home and work. But because of the slow CPU
of the 827 I can only have 40kb/s using 3DES and 80kb/s using DES.
This is why I would love to try openswan to manage the

The Cisco Pix supports NAT-T and I have it enabled so that (I hope) should
not be a problem.

access-list home permit ip 192.168.20.0 255.255.255.0 192.168.10.0
access-list home permit ip 192.168.10.0 255.255.255.0 192.168.20.0
crypto ipsec transform-set vpnset2 esp-3des esp-sha-hmac
crypto map vpnmap1 300 ipsec-isakmp
crypto map vpnmap1 300 match address home
crypto map vpnmap1 300 set peer ***.***.***.***
crypto map vpnmap1 300 set transform-set vpnset2
isakmp key ******** address ***.***.***.*** netmask 255.255.255.255 no-xauth
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400

I have tried some configurations for openswan but can't get it to work and
am wondering if someone could help me with the config for openswan. To be
I have little or no clue about ipsec, but I am trying to learn which is why
would like this server to be working ;)