[Openswan Users] Connecting Cisco routers (eg 837, 877) without static IP to OpenSWAN server
Aleks Huson
aleks.huson at digitalkarma.com.au
Sun Nov 19 21:57:13 EST 2006
Can anyone suggest the best way to do the following or point me in the
direction of a guide? (I've been searching Google and the lists for a while
and haven't found anything that fits quite right)
I would like to setup an OpenSWAN server that will allow net-to-net
connections from remote sites using various models of Cisco routers.
The current situation:-
- I've managed to get a net-to-net tunnel working between my
OpenSWAN server and a Cisco 877 using PSK and setting the IP addresses for
both ends statically
- The routers I want to connect with all have the appropriate
firmware (support 3DES etc) and are various models (837, 877, 1841, etc,
etc)
- The routers have public IP addresses, and are not behind NAT,
however they are *not* using static IP addresses. Whilst they usually stay
the same for a while, it's not guaranteed, and would be too difficult to
keep track of changes due to the quantity involved.
- My OpenSWAN server has a public, static IP address, and is not
behind NAT (nor yet behind firewall, but will be when I've got it working)
The issues/questions:-
- Each connection is for a net-to-net. I have a private subnet on
the internal side of each Cisco that I need to route through to various
subnets behind the OpenSWAN box.
- I need to be able to have different authentication for each site.
so if I'm using right = %any, I assume that I cannot use PSK, unless I want
to give everyone the same key
- Do I need to use authby = rsasig, or is there a better / simpler
way of setting it up so that I can have a different "login" for each client.
- If I have to use rsasig, can anyone point me in the direction of
how to setup the Cisco end of things?
Thanks in advance for your help.
Aleks Huson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20061120/b6747f8a/attachment-0001.html
More information about the Users
mailing list