[Openswan Users] Openswan Cisco Interoperability

Paul Wouters paul at xelerance.com
Tue Aug 7 23:43:19 EDT 2007


On Wed, 8 Aug 2007, Bholi Patra wrote:

> Yes cisco is the responder..
> Is there some way I can stop an ipsec connection from coming up?

If openswan is asking transport mode as the initiator, and cisco says "ok"
and then sets up tunnel mode, then I'd be tempted to say the issue here is
a cisco bug.

Paul

> Bholi.
>
> On 8/7/07, Paul Wouters <paul at xelerance.com> wrote:
> >
> > On Tue, 7 Aug 2007, Bholi Patra wrote:
> >
> > > I have a test setup consisting of a cisco router on one end and a linux
> > > machine
> > > running openswan 2.4.9.
> > >
> > > The Cisco machine is configured to run in tunnel mode while openswan is
> > > configured
> > > for transport mode. Both use 3des and md5 for encryption and hash.
> > >
> > > I see the following behaviour.
> > > An ipsec tunnel comes up and I'm able to send ping packets to and from
> > cisco
> > > router.
> > >
> > > Is it an expected behaviour? Shouldnt ipsec connection fail since the
> > end
> > > points are
> > > operating in different mode?
> >
> > Which machine is the responder? I have a feeling it will be the cisco one,
> > because openswan should fail to setup such a tunnel.
> >
> > Paul
> >
> > --
> > Building and integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> >
>
>
>
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list