[Openswan Users] SA established but not ping (2nd act)
Lelio Parisi
piccololean at yahoo.it
Tue Oct 18 19:44:29 CEST 2005
I've succesfully installed openswan with klips (thanks
to Paul Wouters and David Coulson). Now I have the
ipsecx interfaces without the segmentation fault.
As I said some days ago, I've a pix on a site and
openswan on the other. The subnet behind pix is
10.0.0.x and the subnet behind openswan is 192.168.0.x
The SA is established well but the pc 192.168.0.x
doesn't ping the 10.0.0.x
I think that the access-list on pix is right because I
can ping the 10.0.0.x if I use windows client.
Here's my conf (as David asks before)
version 2.0
config setup
interfaces="ipsec0=ppp0"
klipsdebug=none
#plutodebug=none
#plutoload=%search
#plutostart=%search
uniqueids=yes
nat_traversal=yes
conn %default
keyingtries=0
disablearrivalcheck=no
authby=secret
conn pix
#type = tunnel
left=xxx.xxx.xxx.xxx
leftsubnet=192.168.0.0/24
leftprotoport=17/0
#leftnexthop=%defaultroute
right=yyy.yyy.yyy.yyy
rightsubnet=10.0.0.0/24
rightid=172.17.32.13
rightprotoport=17/0
authby=secret
#esp=3des-md5-hmac
#keyexchange = ike
pfs=no
auto=add
___________________________________
Yahoo! Messenger: chiamate gratuite in tutto il mondo
http://it.messenger.yahoo.com
More information about the Users
mailing list