[Openswan Users] LAN to LAN tunnel to a Cisco ASA firewall
Peter McGill
petermcgill at goco.net
Fri May 29 12:37:55 EDT 2009
Assuming your openswan machine has a public ip address and is not being NATed.
Add to /etc/ipsec.conf:
conn cisco
	left=your public ip, ie 208.64.123.58
	leftsubnet=your private lan, ie 192.168.48.0/24
	leftsourceip=server private ip, ie 192.168.48.1
	right=cisco public ip
	rightsubnet=cisco private lan
	ike=aes256-sha1-modp1536	# phase 1: AES-256, SHA, DH group 5 (modp1536)
	esp=aes256-sha1			# phase 2: AES-256, SHA
	pfs=yes
	auto=start	# always on; or auto=add and ipsec auto --up cisco for manual connect
Add to /etc/ipsec.secrets:
your_public_ip cisco_public_ip : PSK "xxxxxxxxxxxx"
If it doesn't connect, you may also need to know the names the cisco assigned to each side of the tunnel.
In which case, add leftid=@your name and rightid=@cisco name.
Also be sure not to block the ipsec or tunnel traffic with your iptables firewall.
Peter McGill
IT Systems Analyst
Gra Ham Energy Limited
> -----Original Message-----
> From: users-bounces at openswan.org
> [mailto:users-bounces at openswan.org] On Behalf Of Maverick
> Sent: May 29, 2009 12:08 PM
> To: users at openswan.org
> Subject: [Openswan Users] LAN to LAN tunnel to a Cisco ASA firewall
>
> Hi,
>
> I've been told that it is possible to make a lan to lan tunnel
> connecting a linux box to a cisco asa firewall with openswan.
>
> The configurations on the cisco side are these ones:
>
> PSK: xxxxxxxxxxxx
>
> IKE (PHASE 1) : AES-256, SHA, DH5
>
> IPSEC (PHASE 2): AES-256, SHA, PFS enabled
>
> Can someone help me out with how to configure openswan to connect
> to the cisco firewall with those settings?
>
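Added example, not part of either message above: a small Python helper that turns the proposal the ASA side quotes ("AES-256, SHA, DH5, PFS enabled") into the ike=/esp=/pfs= lines of the openswan conn Peter describes, and renders the conn and the matching ipsec.secrets entry. The cisco-side addresses and the key are constructed placeholders; the DH-group and algorithm name tables are assumptions about the naming on both sides.

```python
# Added example (not from the mailing-list post): map a Cisco ASA style
# proposal to openswan syntax and render the conn plus the ipsec.secrets line.
# Sample addresses and the PSK value below are constructed placeholders.

# The ASA names the Diffie-Hellman group by number, openswan by MODP size.
DH_GROUPS = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"}
CIPHERS = {"AES-128": "aes128", "AES-256": "aes256", "3DES": "3des"}
HASHES = {"SHA": "sha1", "SHA1": "sha1", "MD5": "md5"}


def proposal_strings(cipher, hash_alg, dh_group, pfs):
    """Return (ike, esp, pfs) in openswan syntax for one Cisco-style proposal."""
    enc = CIPHERS[cipher.upper()]
    mac = HASHES[hash_alg.upper()]
    modp = DH_GROUPS[dh_group]
    # Phase 1 (ike=) carries the DH group; phase 2 (esp=) reuses it when pfs=yes.
    return f"{enc}-{mac}-{modp}", f"{enc}-{mac}", "yes" if pfs else "no"


def render_conn(name, left, leftsubnet, leftsourceip, right, rightsubnet,
                cipher, hash_alg, dh_group, pfs, auto="start"):
    """Render one conn section; ipsec.conf requires the parameters indented."""
    ike, esp, pfs_flag = proposal_strings(cipher, hash_alg, dh_group, pfs)
    lines = [f"conn {name}",
             f"\tleft={left}",
             f"\tleftsubnet={leftsubnet}",
             f"\tleftsourceip={leftsourceip}",
             f"\tright={right}",
             f"\trightsubnet={rightsubnet}",
             f"\tike={ike}",
             f"\tesp={esp}",
             f"\tpfs={pfs_flag}",
             f"\tauto={auto}"]
    return "\n".join(lines) + "\n"


def render_secret(left, right, psk):
    """ipsec.secrets line: both public IPs, then the pre-shared key."""
    return f'{left} {right} : PSK "{psk}"\n'


if __name__ == "__main__":
    # Constructed sample: the quoted ASA proposal is AES-256, SHA, DH5, PFS on.
    conn = render_conn("cisco", "208.64.123.58", "192.168.48.0/24", "192.168.48.1",
                       "203.0.113.10", "10.10.0.0/16", "AES-256", "SHA", 5, True)
    print(conn)
    print(render_secret("208.64.123.58", "203.0.113.10", "REPLACE_WITH_PSK"))
```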