[Openswan Users] LAN to LAN tunnel to a Cisco ASA firewall

Peter McGill petermcgill at goco.net
Fri May 29 12:37:55 EDT 2009


Assuming your openswan machine has a public ip address and is not being NATed.

Add to /etc/ipsec.conf:
conn cisco
	left=your public ip, ie 208.64.123.58
	leftsubnet=your private lan, ie 192.168.48.0/24
	leftsourceip=server private ip, ie 192.168.48.1
	right=cisco public ip
	rightsubnet=cisco private lan
	ike=aes256-sha1-modp1536
	esp=aes256-sha1
	pfs=yes
	auto=start # always on; or auto=add and ipsec auto --up cisco for manual connect

Add to /etc/ipsec.secrets:
your_public_ip cisco_public_ip : PSK "xxxxxxxxxxxx"

If it doesn't connect, you may also need to know the names the Cisco assigned to each side of the tunnel,
in which case add leftid=@your name and rightid=@cisco name.

Also be sure not to block the ipsec or tunnel traffic with your iptables firewall.


Peter McGill
IT Systems Analyst
Gra Ham Energy Limited 
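The translation Peter describes, from the Cisco side's "AES-256, SHA, DH5 / AES-256, SHA, PFS" to openswan's ike= and esp= strings and on to the conn stanza and secrets line, as an added Python example that is not part of this thread. The Cisco-side address 203.0.113.10 and LAN 10.10.0.0/16 are constructed placeholders, and the PFS handling assumes openswan's behaviour of reusing the phase 1 DH group unless one is appended after ';'.

```python
import ipaddress

# Cisco ASA proposal names -> openswan tokens (standard equivalences).
CIPHERS = {"aes-256": "aes256", "aes-192": "aes192", "aes": "aes128", "3des": "3des"}
HASHES = {"sha": "sha1", "md5": "md5"}
DH_GROUPS = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"}

def ike_proposal(cipher, hash_, dh_group):
    """Phase 1 string: ('AES-256', 'SHA', 5) -> 'aes256-sha1-modp1536'."""
    return "%s-%s-%s" % (CIPHERS[cipher.lower()], HASHES[hash_.lower()], DH_GROUPS[dh_group])

def esp_proposal(cipher, hash_, pfs_group=None):
    """Phase 2 string. With pfs=yes openswan reuses the phase 1 DH group (assumed
    default); pass the ASA's 'set pfs' group here if it was set to something else."""
    esp = "%s-%s" % (CIPHERS[cipher.lower()], HASHES[hash_.lower()])
    return esp if pfs_group is None else "%s;%s" % (esp, DH_GROUPS[pfs_group])

def build_conn(name, left, leftsubnet, leftsourceip, right, rightsubnet,
               ike, esp, leftid=None, rightid=None, auto="start"):
    """Return the ipsec.conf stanza. A sourceip outside the left LAN or overlapping
    LANs are common misconfigurations worth catching before the conn is loaded."""
    lnet = ipaddress.ip_network(leftsubnet, strict=False)
    rnet = ipaddress.ip_network(rightsubnet, strict=False)
    if ipaddress.ip_address(leftsourceip) not in lnet:
        raise ValueError("leftsourceip %s is not inside %s" % (leftsourceip, lnet))
    if lnet.overlaps(rnet):
        raise ValueError("left and right subnets overlap: %s / %s" % (lnet, rnet))
    lines = ["conn %s" % name,
             "\tleft=%s" % ipaddress.ip_address(left), "\tleftsubnet=%s" % lnet,
             "\tleftsourceip=%s" % leftsourceip,
             "\tright=%s" % ipaddress.ip_address(right), "\trightsubnet=%s" % rnet,
             "\tike=%s" % ike, "\tesp=%s" % esp, "\tpfs=yes", "\tauto=%s" % auto]
    # Only needed when the ASA identifies the peers by name rather than by address.
    for key, val in (("leftid", leftid), ("rightid", rightid)):
        if val:
            lines.append("\t%s=@%s" % (key, val.lstrip("@")))
    return "\n".join(lines) + "\n"

def build_secret(left, right, psk):
    """ipsec.secrets line: the PSK is keyed by both public addresses."""
    if not psk or '"' in psk:
        raise ValueError("PSK must be non-empty and contain no double quote")
    return '%s %s : PSK "%s"\n' % (left, right, psk)

if __name__ == "__main__":
    ike = ike_proposal("AES-256", "SHA", 5)   # the parameters quoted for the ASA side
    esp = esp_proposal("AES-256", "SHA")
    # 203.0.113.10 and 10.10.0.0/16 are constructed placeholders for the Cisco side.
    print(build_conn("cisco", "208.64.123.58", "192.168.48.0/24", "192.168.48.1",
                     "203.0.113.10", "10.10.0.0/16", ike, esp), end="")
    print(build_secret("208.64.123.58", "203.0.113.10", "xxxxxxxxxxxx"), end="")
```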

> -----Original Message-----
> From: users-bounces at openswan.org 
> [mailto:users-bounces at openswan.org] On Behalf Of Maverick
> Sent: May 29, 2009 12:08 PM
> To: users at openswan.org
> Subject: [Openswan Users] LAN to LAN tunnel to a Cisco ASA firewall
> 
> Hi,
> 
> I've been told that it is possible to make a lan to lan tunnel 
> connecting a linux box to a cisco asa firewall with openswan.
> 
> The configurations on the cisco side are these ones:
> 
> PSK: xxxxxxxxxxxx
> 
> IKE (PHASE 1) : AES-256, SHA, DH5
> 
> IPSEC (PHASE 2): AES-256, SHA, PFS enabled
> 
> Can someone help me out how to configure openswan to connect 
> to the cisco firewall with those settings?
> 