[Openswan Users] Openswan (2.1.5) to PIX 515 problems
James Thompson
jthompson at dcc-services.com
Thu Mar 3 13:07:19 CET 2005
Attempting to connect Linux Openswan U2.1.5/K2.6.10-1.766_FC3smp to
Cisco PIX 515.
/Links to relevant files at end of message/
I can only establish a connection when I have the wrong subnet
information in my ipsec.conf file.
Trying to make this:
10.0.8.0/24===192.168.0.160---192.168.0.129---192.168.111.20===10.111.66
.0/24
Snip of ipsec.conf
left=192.168.0.160
leftnexthop=192.168.0.129
leftsubnet=10.0.8.0/24
It never connects and I find a NO_PROPOSAL_CHOSEN message in my secure
log.
When my ipsec.conf is set (with no changes on the PIX side) to:
left=192.168.0.160
leftnexthop=192.168.0.129
leftsubnet=10.0.7.0/24
The connection is established, however, no packets will route. I assume
this is because the PIX side is looking for the 10.0.8.0/24 subnet.
Any help will be greatly appreciated.
PIX config file http://users.dls.net/~jim/pix.txt
Ipsec.conf http://users.dls.net/~jim/ipsec_conf.txt
Unsuccessful connect log (correct leftsubnet)
http://users.dls.net/~jim/broken_log.txt
Successful connect log (incorrect leftsubnet)
http://users.dls.net/~jim/working_log.txt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20050303/e58dbdea/attachment.htm
More information about the Users
mailing list