[Openswan Users] rightsubnet parameter question
Ronald
loloski at yahoo.com
Thu Nov 5 03:27:07 EST 2009
Good day gents, I'm fairly new to the list; I'm really sorry if this question has been asked before. I was given a task to interop with a Cisco PIX today in tandem with a 7206 router.
I'm fairly confused as to what the real definition of rightsubnet is; I'll attach here a simple ASCII diagram to demonstrate my confusion.
CentOS 5.3 / Openswan 2.6.23
Linux -> 1.1.1.1 (public) -> (public) 2.2.2.2 Cisco Pix (Cisco Unity) -> unknown ip (Cisco 7206) NATed network (208.77.116.44/30)
|
|
Local Network (192.168.10.0/29)
Openswan config:
conn net-net
    left = 1.1.1.1
    leftsubnet = 192.168.10.0/29
    leftnexthop = %defaultroute
    right = 2.2.2.2
    rightsubnet = 208.77.116.46/32
    rightnexthop = %defaultroute
    type = tunnel
    ike = 3des-md5
    esp = 3des-md5
    auth = esp
    pfs = no
    auto = start
My problem is that the Cisco side is having an error in quick mode for the tunnel on peer 1.1.1.1.
In Openswan my error is something like this:
Nov 5 08:16:08 openswan-gw pluto[31064]: "net-net" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
I'm really sorry, the system in question was done for a while, and that's the reason I can't give you the ipsec barf output.
I already googled this a couple of days ago, and it led me to believe that this has something to do with the subnet declaration on both sides, not with a mismatch in crypto settings.
For your input and guidance.
Best regards,
Ronaldo Chan
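
Added example, not part of the original message: one way to test the subnet hypothesis raised in the post is to derive the Quick Mode selectors from the posted conn and compare them with the peer's crypto ACL. The peer ACL values (the /30 from the diagram) and all helper names are assumptions, not confirmed on the page, and the check treats anything other than an exact mirror as a finding.

```python
import ipaddress

# Constructed from the conn posted above; crypto and routing keys omitted.
CONN_TEXT = """\
conn net-net
    left = 1.1.1.1
    leftsubnet = 192.168.10.0/29
    right = 2.2.2.2
    rightsubnet = 208.77.116.46/32
"""

def parse_conn(text):
    """Return {key: value} for the parameters of one conn section."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("conn ") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        params[key] = value
    return params

def selectors(params):
    """(local, remote) networks this conn proposes in Quick Mode.
    With no *subnet key the tunnel covers only that end's own address (/32)."""
    def net(side):
        raw = params.get(side + "subnet") or params[side] + "/32"
        return ipaddress.ip_network(raw, strict=True)  # rejects stray host bits
    return net("left"), net("right")

def compare(ours, peer_acl):
    """peer_acl = (source, destination) as configured on the peer, i.e. the
    mirror image of ours. Anything but an exact mirror is reported."""
    peer_src, peer_dst = (ipaddress.ip_network(n) for n in peer_acl)
    findings = []
    for key, mine, theirs in (("leftsubnet", ours[0], peer_dst),
                              ("rightsubnet", ours[1], peer_src)):
        if mine == theirs:
            continue
        relation = ("a subset of" if mine.subnet_of(theirs) else
                    "a superset of" if mine.supernet_of(theirs) else "disjoint from")
        findings.append(f"{key} {mine} is {relation} peer selector {theirs}")
    return findings

# Assumed peer ACL (hypothetical): the /30 from the diagram towards the local /29.
ASSUMED_PEER_ACL = ("208.77.116.44/30", "192.168.10.0/29")
if __name__ == "__main__":
    for finding in compare(selectors(parse_conn(CONN_TEXT)), ASSUMED_PEER_ACL):
        print(finding)
```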