[Openswan Users] Ubuntu - Cisco help please...

Martin Schwartz ms at wsap.net
Mon Jan 25 14:25:42 EST 2010 

What's the config of your pix (sh ru)?

It should contain something like

 

crypto ipsec transform-set 3des-md5 esp-3des esp-md5-hmac 

 

crypto map vpn 11 ipsec-isakmp

crypto map vpn 11 match address xxx

crypto map vpn 11 set peer x.x.x.x

crypto map vpn 11 set transform-set 3des-md5 

crypto map vpn interface outside

 

isakmp key xxx address x.x.x.x netmask 255.255.255.0

 

isakmp policy 20 authentication pre-share

isakmp policy 20 encryption 3des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 3600

 

Cheers,

ms

 

Von: users-bounces at openswan.org [mailto:users-bounces at openswan.org] Im
Auftrag von Avesh Agarwal
Gesendet: Montag, 25. Januar 2010 19:25
An: users at openswan.org
Betreff: Re: [Openswan Users] Ubuntu - Cisco help please...

 

On 01/21/2010 03:20 PM, openwan wan wrote: 

Hello everybody, 

I am asking for help after spending two days to get this working. I want to
connect from my ubuntu machine having a public ip address to couple of pcs
inside a corporation. These PCs have 172.x.x.x addresses. I dont have any
subnet behind my public machine that is running OpenSwan, that is the
machine that will do the talking to the PCS and also runs the OpenSwan. Is
it possible at all? The PCs are protected by a Cisco PIX. here is my
ipsec.conf file.

 

type=           tunnel


authby=         secret


#RRT


 left=           xx.xx.xx.xx


#leftsubnet=     192.168.1.0/24


leftnexthop=    %defaultroute


 #SAA


 right=          yy.yy.yy.yy


rightsubnet=    172.33.15.0/24


rightnexthop=   %defaultroute


esp=            3des-md5


 keyexchange=    ike


pfs=            no      


Did you try pfs=yes?



 


 auto=           start 

 

The tunnel itself is nto getting established, I keep getting Pluto error
NO_PROPOSAL accepted. Any help will be appreciated. Thanks.

 
 
_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
  

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100125/2728a255/attachment.html

More information about the Users mailing list