[Openswan Users] My Problem: Now, I'm a member

Cristian ... casilla1423 at yahoo.com.ar
Thu Oct 27 17:02:59 CEST 2005


forgive me ... I forgot to send my configuration:

Openswan
-----------------------

/etc/ipsec.conf

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none

conn tunnelipsec
        type=tunnel
        left=202.0.45.170
        leftnexthop=202.0.45.190
        leftsubnet=10.69.1.0/24
        right=203.97.9.162
        rightnexthop=203.97.9.161
        rightsubnet=10.7.3.0/24
        esp=3des-md5-96
        keyexchange=ike
        authby=secret
        pfs=no
        auto=add

PIX
--------------

PIX Version 6.1(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname PixVPN
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
access-list NO-NAT permit ip 10.7.3.0 255.255.255.0 10.69.1.0 255.255.255.0
access-list FREESWAN-VPN permit ip 10.7.3.0 255.255.255.0 10.69.1.0 255.255.255.0
pager lines 24
interface ethernet0 10baset
interface ethernet1 10full
mtu inside 1500
ip address outside 203.97.9.162 255.255.255.0
ip address inside 10.7.3.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NO-NAT
nat (inside) 1 10.7.3.0 255.255.255.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 203.97.9.161 1
route outside 10.69.1.0 255.255.255.0 203.97.9.161 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto map mymap 10 ipsec-isakmp
crypto map mymap 10 match address FREESWAN-VPN
crypto map mymap 10 set peer 202.0.45.170
crypto map mymap 10 set transform-set myset
crypto map mymap interface outside
isakmp enable outside
isakmp key ******** address 202.0.45.170 netmask 255.255.255.255
isakmp identity address
isakmp policy 5 authentication pre-share
isakmp policy 5 encryption 3des
isakmp policy 5 hash md5
isakmp policy 5 group 2
isakmp policy 5 lifetime 28800
telnet timeout 5
ssh timeout 5
terminal width 80
Cryptochecksum:39facfe19be5e6e043308b786658a86b
: end
[OK]


Regards


 --- "Cristian ..." <casilla1423 at yahoo.com.ar> wrote:

> 
>  --- Lelio Parisi <piccololean at yahoo.it> wrote:
> Hi...
> 
> > Hi... I've tried to make a connection like your one.
> > But I can't ping from the internal net of the PIX
> > and from openswan too...
> > If I understand well, you ping from the net behind
> > the PIX.
> 
> yes...
> 
> > Can you tell me which is your PIX and its OS?
> > Could you send your conf?
> 
> My pix is 501 and here is output from show version:
> Cisco PIX Firewall Version 6.1(4)
> Cisco PIX Device Manager Version 1.1(2)
> 
> Compiled on Tue 21-May-02 08:40 by morlee
> 
> PixVPN up 14 mins 38 secs
> 
> Hardware:   PIX-501, 16 MB RAM, CPU Am5x86 133 MHz
> Flash E28F640J3 @ 0x3000000, 8MB
> BIOS Flash E28F640J3 @ 0xfffd8000, 128KB
> 
> 0: ethernet0: address is 000a.8afa.6b29, irq 9
> 1: ethernet1: address is 000a.8afa.6b2a, irq 10
> 
> Licensed Features:
> Failover:       Disabled
> VPN-DES:        Enabled
> VPN-3DES:       Enabled
> Maximum Interfaces:     2
> Cut-through Proxy:      Enabled
> Guards:         Enabled
> Websense:       Enabled
> Inside Hosts:   10
> Throughput:     Limited
> ISAKMP peers:   5
> 
> Serial Number: 806321901 (0x300f7eed)
> Activation Key: 0x205fc47b 0xea117f8d 0xf21714e5 0x6d471b98
> 
> > Thanks
> > 
> > Cool CHILE!!! I've a friend from there! His name is
> > Robin Luis Fernandez
> > 
> 
> Thanks to you... I don't know Robin, I live in
> Valparaíso... where does he live?
> 
> Regards 
> 
> Cristian Gallardo
> 
> 
> > --- "Cristian ..." <casilla1423 at yahoo.com.ar> wrote:
> > 
> > > Sorry for my bad English.
> > >  
> > > I have installed openswan on my Linux and it operates
> > > against a Cisco PIX. IKE's negotiation is correct, but
> > > I can only ping from the net behind the PIX to the
> > > internal door of the gateway with openswan.
> > >  
> > > From the net behind the openswan gateway, on having
> > > raised the IPsec connection, I cannot even come to the
> > > internal door from this one.
> > >  
> > > What is happening?
> > >  
> > > I hope you can help me.
> > >  
> > > Regards from Chile
> > >  
> > > Cristian Gallardo
> > > _______________________________________________
> > > Users mailing list
> > > Users at openswan.org
> > > http://lists.openswan.org/mailman/listinfo/users