[Openswan Users] lan2lan to cisco asa

Wappie MD omight at gmail.com
Fri Feb 2 11:49:51 EST 2007


Heya!

I want to set up a lan2lan connection from an Openswan host to a Cisco ASA
5000 series firewall using plain IPsec. I could not get a
connection going, so I wondered whether you can spot anything wrong in my
config files.
Also, is it allowed to have nat_traversal=no in a conn section? I
need to have nat_traversal=yes in the config section for my other VPN
connections, where I *do* want nat_traversal=yes.
Also, these config files are for testing, so they include PSK options.
Those will be replaced with RSA later, once I have things working. I
have replaced the real IP addresses with fake ones to post to this
list.
Any hints are welcome :D
Muha.

# cat /etc/ipsec.conf
# ipsec.conf as posted for the Openswan -> Cisco ASA lan2lan test.
# NOTE(review): the comments below flag settings that are likely to keep the
# tunnel from coming up; none of the values themselves have been changed.
version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
        interfaces="ipsec0=eth1"
        # NAT-T is enabled globally here; this is the section where Openswan
        # reads this keyword (see the note on the per-conn line further down).
        nat_traversal=yes
        plutodebug="control"
        uniqueids=yes

# Defaults inherited by every conn; several are overridden in 'testing'.
conn %default
        # Certificate authentication by default; 'testing' overrides authby.
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
        compress=no
        disablearrivalcheck=no
        # forceencaps forces UDP encapsulation as if NAT were present; it
        # contradicts the nat_traversal=no intent in 'testing' below.
        forceencaps=yes
        keylife=8h
        keyingtries=5
        # PFS is off here; the ASA's crypto map must agree or phase 2 fails.
        pfs=no
        # Transport mode by default, overridden to tunnel in 'testing'.
        type=transport

# The lan2lan test conn towards the ASA.
conn testing
        left=114.114.0.110
        leftsubnet=169.254.0.0/16
        leftnexthop=192.168.13.2
        leftcert=concentrator-cert.pem
        # %any accepts any initiator and means this side cannot initiate; for
        # a static ASA peer (ipsec.secrets names 192.3.21.10) consider pinning
        # right to that address instead.
        right=%any
        rightsubnet=192.168.1.0/24
        rightcert=testing-cert.pem
        rightca=%same
        # auto=add only loads the conn; auto=start would initiate from here.
        auto=add
        # 3DES/MD5 are weak by current standards; prefer AES/SHA if the ASA
        # supports them. Whatever is chosen must match the ASA's proposals.
        ike=3des-md5
        esp=3des-md5
        # NOTE(review): nat_traversal is a 'config setup' keyword in Openswan,
        # not a conn keyword; expect this line to be rejected or ignored and
        # the global setting above to apply. Confirm against ipsec.conf(5).
        nat_traversal=no
        type=tunnel
        # Either PSK or RSA is accepted; the PSK in ipsec.secrets is what the
        # test relies on, overriding the rsasig default above.
        authby=secret|rsasig

# cat /etc/ipsec.secrets
# PSK
# Format: <left-id> <right-id>: PSK "<secret>". The peer is pinned to
# 192.3.21.10 here even though the conn uses right=%any; the two should agree.
# The secret below is a test value; keep this file root-only (mode 0600) and
# never paste a real one into mail or logs.
114.114.0.110 192.3.21.10: PSK "myfirsttest"

