[Openswan Users] Openswan with NETKEY and monitoring data
Paul Wouters
paul at xelerance.com
Fri Apr 8 12:23:35 EDT 2011
On Fri, 8 Apr 2011, Mark Dalton wrote:
> I just need a pointer in the right direction, I am not sure why I needed
> to have:
> leftsubnet= 0.0.0.0/0
> versus
> leftsubnet= 192.168.0.0/25
> > They need to re-identify their permitted traffic (on Cisco it is
> > done
> > in the Crypto ACL) to allow any IP traffic to the mobile pool, not
> > just one host. This is to mirror-reverse match what we have
> > configured on our side -
> >
> > IPSEC FLOW: permit ip 192.168.1.0/255.255.255.128 0.0.0.0/0.0.0.0
Because they told you that their end is 192.168.1.0/255.255.255.128 and your
end is 0.0.0.0/0.0.0.0. It's not openswan telling you something. It is the
cisco people who are telling you to use that.
Paul
More information about the Users
mailing list