[Openswan Users] Connecting Cisco routers (eg 837, 877) without static IP to OpenSWAN server

Paul Wouters paul at xelerance.com
Mon Nov 20 00:04:45 EST 2006

On Mon, 20 Nov 2006, Aleks Huson wrote:

> I would like to setup an OpenSWAN server that will allow net-to-net
> connections from remote sites using various models of Cisco routers.

> -          I need to be able to have different authentication for each site.
> so if I'm using right = %any, I assume that I cannot use PSK, unless I want
> to give everyone the same key


> -          Do I need to use authby = rsasig, or is there a better / simpler
> way of setting it up so that I can have a different "login" for each client.

Yes, and likely use X.509 because Cisco does not support raw RSA keys.

> -          If I have to use rsasig, can anyone point me in the direction of
> how to setup the Cisco end of things?

I don't know of any cisco x509 examples. Anyone else?

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list