[Openswan Users] Some Advice

Paul Wouters paul at xelerance.com
Wed Jun 15 18:26:40 CEST 2005

On Wed, 15 Jun 2005, J. Pedro Flor wrote:

> I have on one side:
> Linux-2.6.11
> Openswan-2.3.0
> ipsec-tools-0.51
> and the other side, Cisco Pix
> The facts it's that the Cisco peer let me just one public IP to contat
> their private network, but the problem it's that I need allow a hole
> range of private IP's to comunicate with the PIX side.
> How can i solve this problem?

It is very tricky to do SNAT+IPSEC on linux 2.6 with NETKEY. The easiest
would be to just use two boxes.
Ofcourse, the proper solution is to setup an ipsec tunnel for your entire
subnet to the cisco, but might require an attitude change of the cisco end.


More information about the Users mailing list