[Openswan Users] lan2lan to cisco asa
Wappie MD
omight at gmail.com
Fri Feb 2 11:49:51 EST 2007
Heya!
I want to start a lan2lan connection from an Openswan box to a Cisco ASA
5000 series firewall based on plain IPsec. I could not get a
connection going, so I wondered if you can spot anything wrong in my
config files.
Also, is it allowed to have nat_traversal=no in a conn section, since I
need to have nat_traversal=yes in the config section for my other VPN
connections where I *do* want nat_traversal=yes?
Also, these config files are for testing, so they include PSK options.
Those will be replaced with RSA later when I have things working. I
have replaced the real IP addresses with fake ones to post to this
list.
Any hints are welcome :D
Muha.
# cat /etc/ipsec.conf
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    interfaces="ipsec0=eth1"
    nat_traversal=yes
    plutodebug="control"
    uniqueids=yes

conn %default
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    compress=no
    disablearrivalcheck=no
    forceencaps=yes
    keylife=8h
    keyingtries=5
    pfs=no
    type=transport

conn testing
    left=114.114.0.110
    leftsubnet=169.254.0.0/16
    leftnexthop=192.168.13.2
    leftcert=concentrator-cert.pem
    right=%any
    rightsubnet=192.168.1.0/24
    rightcert=testing-cert.pem
    rightca=%same
    auto=add
    ike=3des-md5
    esp=3des-md5
    nat_traversal=no
    type=tunnel
    authby=secret|rsasig

# cat /etc/ipsec.secrets
# PSK
114.114.0.110 192.3.21.10: PSK "myfirsttest"
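An added example, not code from the poster or from the Openswan project: a small Python checker that parses an Openswan-style ipsec.conf and ipsec.secrets and reports the kinds of problems a reviewer looks for in a post like this one, namely a parameter placed in a section where ipsec.conf(5) does not define it (nat_traversal is a config setup parameter, not a conn parameter), weak ike=/esp= proposals such as 3des-md5, and PSK index addresses that match no conn's left= or right=. The embedded sample config is constructed to mirror the posted one; the section-parameter list and algorithm list are the example's own assumptions and are not exhaustive.

```python
"""Lint an Openswan-style ipsec.conf / ipsec.secrets pair (added example).

The SETUP_ONLY and WEAK_ALGS sets are assumptions for this demo, not a
complete copy of the ipsec.conf(5) grammar.
"""
import re

# Parameters ipsec.conf(5) documents for 'config setup' only; one of them
# inside a conn section is a placement error (assumed, non-exhaustive list).
SETUP_ONLY = {"interfaces", "nat_traversal", "plutodebug", "klipsdebug",
              "uniqueids", "virtual_private"}

# Algorithm tokens worth flagging as weak in ike=/esp= proposals (assumed list).
WEAK_ALGS = {"des", "3des", "md5", "modp768", "modp1024"}

# Constructed sample mirroring the posted config (fake addresses as in the post).
SAMPLE_CONF = """\
config setup
    interfaces="ipsec0=eth1"
    nat_traversal=yes
conn %default
    authby=rsasig
    forceencaps=yes
    type=transport
conn testing
    left=114.114.0.110
    leftsubnet=169.254.0.0/16
    right=%any
    rightsubnet=192.168.1.0/24
    ike=3des-md5
    esp=3des-md5
    nat_traversal=no
    type=tunnel
    authby=secret|rsasig
"""
SAMPLE_SECRETS = '114.114.0.110 192.3.21.10: PSK "myfirsttest"\n'


def parse_ipsec_conf(text):
    """Parse ipsec.conf into [(kind, name, {param: value}), ...].

    kind is 'config' or 'conn'. Indentation is not enforced, so a config
    whose leading whitespace was stripped by a mail client still parses.
    """
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line or line.startswith("version"):
            continue
        m = re.match(r"^(config|conn)\s+(\S+)$", line)
        if m:
            current = {}
            sections.append((m.group(1), m.group(2), current))
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip().strip('"')
    return sections


def parse_secrets(text):
    """Parse 'idx idx ...: PSK "..."' lines into [(set_of_indices, kind), ...].

    Only IPv4 / %any indices are expected; the secret value itself is discarded.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^(.*?):\s*(PSK|RSA)\b", line)
        if m:
            entries.append((set(m.group(1).split()), m.group(2)))
    return entries


def lint(conf_text, secrets_text):
    """Return a list of human-readable warnings for the two files."""
    warnings = []
    peers = {"%any"}                                  # every conn may use %any
    for kind, name, params in parse_ipsec_conf(conf_text):
        if kind != "conn":
            continue
        for key in params:                            # section placement check
            if key in SETUP_ONLY:
                warnings.append(
                    f"conn {name}: '{key}' is only valid in 'config setup'")
        for key in ("ike", "esp"):                    # weak proposal check
            if key in params:
                tokens = set(re.split(r"[-,;!]", params[key].lower()))
                weak = sorted(tokens & WEAK_ALGS)
                if weak:
                    warnings.append(f"conn {name}: {key}={params[key]} uses "
                                    f"weak algorithms {', '.join(weak)}")
        for side in ("left", "right"):
            if side in params:
                peers.add(params[side])
    for indices, kind in parse_secrets(secrets_text):  # PSK index check
        if kind != "PSK":
            continue
        for addr in sorted(indices - peers):
            warnings.append(f"ipsec.secrets: PSK index {addr} matches no conn's "
                            f"left=/right= (only a %any conn negotiating from "
                            f"that exact address would use it)")
    return warnings


if __name__ == "__main__":
    for w in lint(SAMPLE_CONF, SAMPLE_SECRETS):
        print("WARNING:", w)
```

Run against the sample it reports the misplaced nat_traversal= in conn testing, the two 3des-md5 proposals and the 192.3.21.10 secret index that no conn references; the same functions can be pointed at real files by reading them into `lint()`.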