[Openswan Users] cisco and asa 5510

piotr.1234 at interia.pl piotr.1234 at interia.pl
Wed Jan 28 08:04:17 EST 2009


I have a problem with a VPN between an ASA and Openswan. I used some configuration from the Openswan page. IKE phase 1 and 2 are established, but packets don't pass. I turned off iptables.


10.10.10.0/24 - Openswan 192.168.1.1===192.168.1.2-Cisco--20.20.20.0/26

my conf:
config setup
        interfaces="ipsec0=eth1"
        plutodebug=control
        strictcrlpolicy=no
        nat_traversal=no
        uniqueids=yes

conn %default
        type=tunnel
        authby=secret
        ikelifetime=480m
        keylife=480m
        keyingtries=3
        auto=start
        keyexchange=ike
        pfs=no
        auth=esp
        #esp=3des-md5
        #ike=3des-sha1-modp1536
        #dpdaction=hold
        #dpddelay=60
        #dpdtimeout=500



conn erwin01
        left=192.168.1.1
        leftsubnet=10.10.10.0/24
        leftnexthop=192.168.1.2
        right=192.168.1.2
        rightsubnet=20.20.20.0/26
        rightnexthop=192.168.1.1


        
service ipsec status
IPsec running  - pluto pid: 6037
pluto pid 6037
2 tunnels up
some eroutes exist

 
Jan 27 23:05:57 erwin ipsec_setup: Starting Openswan IPsec 2.6.19...
Jan 27 23:05:57 erwin ipsec_setup: Using KLIPS/legacy stack
Jan 27 23:05:57 erwin kernel: padlock: VIA PadLock not detected.
Jan 27 23:05:57 erwin ipsec_setup: KLIPS debug `none'
Jan 27 23:05:57 erwin kernel:
Jan 27 23:05:57 erwin ipsec_setup: KLIPS ipsec0 on eth1 [ip] broadcast 
Jan 27 23:05:57 erwin pluto: adjusting ipsec.d to /etc/ipsec.d
Jan 27 23:05:57 erwin ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Jan 27 23:05:57 erwin ipsec_setup: ...Openswan IPsec started
Jan 27 23:05:57 erwin ipsec__plutorun: 002 added connection description "erwin01"
Jan 27 23:05:57 erwin ipsec__plutorun: 002 added connection description "erwin02"
Jan 27 23:05:58 erwin ipsec__plutorun: 104 "erwin01" #1: STATE_MAIN_I1: initiate


Jan 28 13:49:58 erwin pluto[6037]: |
Jan 28 13:49:58 erwin pluto[6037]: | *time to handle event
Jan 28 13:49:58 erwin pluto[6037]: | handling event EVENT_PENDING_PHASE2
Jan 28 13:49:58 erwin pluto[6037]: | event after this is EVENT_SHUNT_SCAN in 119 seconds
Jan 28 13:49:58 erwin pluto[6037]: | inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
Jan 28 13:49:58 erwin pluto[6037]: | pending review: connection "erwin02" checked
Jan 28 13:49:58 erwin pluto[6037]: | pending review: connection "erwin01" checked
Jan 28 13:49:58 erwin pluto[6037]: | next event EVENT_SHUNT_SCAN in 119 seconds

my cisco conf:

crypto ipsec transform-set erwin01 esp-3des esp-sha-hmac
crypto map outside_map 40 match address erwin01
crypto map outside_map 40 set peer 192.168.1.1
crypto map outside_map 40 set transform-set erwin01_w_wawie

crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800

access-list erwin01 line 1 extended permit ip 20.20.20.0 255.255.255.192 10.10.10.0 255.255.255.0


thanks for some help
Peter
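
Added example, not part of the original post: a small Python cross-check of the two configurations shown above. It verifies that every transform-set a crypto map uses is defined on the ASA, and that the ASA crypto ACL is the exact mirror of the Openswan leftsubnet/rightsubnet pair. The config excerpts are copied from the post; the function names `conn_options` and `check` are this example's own.

```python
import ipaddress
import re

# Excerpts of the two configs posted above (only the lines the checks read).
IPSEC_CONF = """\
conn %default
        type=tunnel
conn erwin01
        leftsubnet=10.10.10.0/24
        rightsubnet=20.20.20.0/26
"""
ASA_CONF = """\
crypto ipsec transform-set erwin01 esp-3des esp-sha-hmac
crypto map outside_map 40 match address erwin01
crypto map outside_map 40 set transform-set erwin01_w_wawie
access-list erwin01 line 1 extended permit ip 20.20.20.0 255.255.255.192 10.10.10.0 255.255.255.0
"""

def conn_options(conf, name):
    """Return the options of 'conn <name>' layered over 'conn %default'."""
    sections, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if line.startswith("conn "):
            current = sections.setdefault(line.split()[1], {})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return {**sections.get("%default", {}), **sections.get(name, {})}

def check(ipsec_conf, asa_conf, conn):
    """Hypothetical helper: list inconsistencies between the two peers' configs."""
    findings, opts = [], conn_options(ipsec_conf, conn)
    defined = set(re.findall(r"^crypto ipsec transform-set (\S+)", asa_conf, re.M))
    for used in re.findall(r"^crypto map \S+ \d+ set transform-set (\S+)", asa_conf, re.M):
        if used not in defined:
            findings.append(f"transform-set {used} is referenced but never defined")
    # The crypto ACL (ASA local -> remote) must mirror rightsubnet -> leftsubnet.
    acl_name = re.search(r"^crypto map \S+ \d+ match address (\S+)", asa_conf, re.M)[1]
    acl = re.search(rf"^access-list {re.escape(acl_name)} .*permit ip (\S+) (\S+) (\S+) (\S+)\s*$", asa_conf, re.M)
    src, dst = (ipaddress.ip_network(f"{acl[i]}/{acl[i + 1]}") for i in (1, 3))
    want = (ipaddress.ip_network(opts["rightsubnet"]), ipaddress.ip_network(opts["leftsubnet"]))
    if (src, dst) != want:
        findings.append(f"ACL {src} -> {dst} does not mirror {want[0]} -> {want[1]}")
    return findings

print(check(IPSEC_CONF, ASA_CONF, "erwin01"))
```

On the configs as posted, the ACL mirrors the Openswan subnets, and the only finding is that the crypto map names a transform-set (`erwin01_w_wawie`) that the posted ASA lines never define.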
