[Openswan Users] Cisco Concentrator 3005 to Openswan
Paul Wouters
paul at xelerance.com
Mon Jun 11 10:52:58 EDT 2007
On Mon, 11 Jun 2007, ACasella wrote:
> I am now trying to connect an openswan server that I control to what I
> am told is a Cisco 3005 concentrator.
>
> I am using Linux Openswan U2.4.5/K2.6.20-1.2948.fc6 (netkey)
>
> I was given the following information from the Cisco Admin:
>
> # Public IP address of our VPN Concentrator - 137.186.xxx.xxx
> # SA used - ESP-3DES-MD5
> # Username - Some_Username
> # Password - somepassword
That probably means XAUTH.
> I set up my .conf file as follows:
>
> conn host-to-host
> type=tunnel
> authby=secret
> left=72.55.yyy.yyy
> leftnexthop=%defaultroute
> right=137.186.xxx.xxx
> rightnexthop=%defaultroute
> ike=3des-md5-modp1024
> esp=3des-md5
> keyexchange=ike
> pfs=yes
> auto=add
Which is missing from the configuration here.
> In my ipsec.secrets I have:
>
> 72.55.yyy.yyy 137.186.xxx.xxx : PSK "somepassword"
Either you will have an X.509 certificate, or you will also need
to ask the PSK.
> I don't know where to place the "username" so I ran ipsec auto --up
> host-to-host to see the outcome.
It should be the xauth parameter. See man ipsec.conf
Paul
More information about the Users
mailing list