[Openswan Users] specifying remote subnets and connecting to individual hosts on a remote vpn

Paul Wouters paul at xelerance.com
Fri May 15 09:18:43 EDT 2009


On Fri, 15 May 2009, Frank Wilson wrote:

> I'm trying to configure an IPsec tunnel with a remote site.
> The remote site will only let me connect to these IPs on the
> remote vpn.
>
> 10.130.245.105
> 10.130.245.106
> 10.130.245.107
>
> If I specify the remote subnets too wide, the vpn gateway
> (a CISCO ASA 5520) will refuse to set up the phase2 connection.
> So for instance specifying 10.130.245.0/24 as a right subnet
> will cause phase2 to hang before it completes.
> So I try 10.130.245.105/30 and 10.120.100.105/30 as in the following
> config, but I still have doubts.

Ciscos tend to lie about that, e.g. they will allow phase 2, but still
drop the packets later. Ask the cisco admin what they configured
exactly.

Paul

