[Openswan Users] openSWAN to Cisco IOS
Paul Wouters
paul at xelerance.com
Wed Nov 15 11:39:42 EST 2006
On Wed, 15 Nov 2006, Christian Brechbühler wrote:
> That esp seems right after all. To summarize what I wrote to Frank Mayer,
>
> They instructed us to set it up as follows,
> left=Our_public_IP
> leftsubnet=192.168.232.0/24
> leftnexthop=%defaultroute
> right=Their_public_IP <http://38.112.15.162>
> rightsubnet=10.14.8.0/29
> rightnexthop=%defaultroute
>
> On a hunch I changed leftsubnet to 192.168.232.10/32 -- and BINGO! IPsec SA
> established. So Openswan seems happy, although no packets go through. I
> suspect now it's a routing/firewalling issue.
Or a policy mismatch on the cisco end where they now drop the packets.
Paul
More information about the Users
mailing list