[Openswan Users] Cisco IP Redirect and L2TP

Lars Behrens lars at hfk-bremen.de
Thu Dec 6 14:53:30 EST 2007

Hello, Nico,

finally, a good explanation, I guess - our cisco-admins told me that  
ip redirect is used to define the best routing in case of a digest of  
routes (kind of OSPF). actually, here are no other gateways i.e.  
routers between the cisco and our OpenSwan-gateway. totaly strange: I  
am managing another OpenSwan-gateway with L2TP-clients, there is "no  
ip redirect" sat on a cisco and we have no problems at all. *but* we  
sometimes experience problems with dial-up-clients when the packets  
seem to be blocked by a firewall (where indeed no firewall *is*).

gateway-to-gateway-connections are *never*  affected, even if they  
are taken the same route where roadwarriors cant connect.

Could be a problem with the ciscos blocking l2tp-packets on the way  
from the OpenSwan-gateway to the roadwarrior (or vice versa) - but why?

in this special case, we are now switching to OpenVPN. looks like it  
works very well. and, maybe not at least because of some problems  
with L2tp-connections, our boss will decide to switch to a Cisco ASA  
with Cisco-clients on the roadwarriorsystems i the not so far future ...

anyway, thanx for the hints!



More information about the Users mailing list