[Openswan Users] Ping works, from and to Openswan gateway, but not other traffic - may be Cisco problem

Whit Blauvelt whit at transpect.com
Sun Aug 8 13:49:32 EDT 2010

On Sun, Aug 08, 2010 at 12:58:35PM -0400, Paul Wouters wrote:
> On Sun, 8 Aug 2010, Whit Blauvelt wrote:
> >From Openswan to a Cisco ASA, the subnet-to-subnet traffic has been working
> >beautifully for months. Now I'm trying to get traffic from the gateway
> >itself to the remote subnet working.
> >
> >There are two tunnels, the subnet-to-subnet and the gateway-to-subnet. The
> >gateway-to-subnet varies only in its name and in not having a leftsubnet=
> >line.
> Don't you also need the subnet-to-gateway tunnel and the gateway-to-gateway
> tunnel?
Thanks for the quick response. From you I should take that as a leading
question. But why would I need those? I don't need (and don't have) access
to the Cisco on the other end. So I don't see what role a
subnet-to-Cisco-gateway or gateway-to-Cisco-gateway tunnel could play.

I can ping through the tunnel, from any subnet IP to any subnet IP including
the LAN-side IP of the local Openswan gateway. So from the LAN-side gateway
I can ping, and at that gateway I can be pinged. But from that gateway I
cannot get _other_ traffic through to the subnet behind the Cisco gateway,
while from other boxes on the LAN, that same other traffic goes through the
tunnel to the IPs behind the Cisco just fine.

Are you suggesting that the Cisco needs a subnet-to-gateway tunnel set on
its side? If so, why do the pings already work? It's the "pings work, other
stuff doesn't" nature of the problem that's perplexing me.