[Openswan Users] Openswan with NETKEY and monitoring data
Mark Dalton
mdalton at princeton.edu
Fri Apr 8 12:59:41 EDT 2011
On 04/08/2011 12:23 PM, Paul Wouters wrote:
> On Fri, 8 Apr 2011, Mark Dalton wrote:
>
>> I just need a pointer in the right direction, I am not sure why I needed
>> to have:
>> leftsubnet= 0.0.0.0/0
>> versus
>> leftsubnet= 192.168.0.0/25
>> > They need to re-identify their permitted traffic (on Cisco it is done
>> > in the Crypto ACL) to allow any IP traffic to the mobile pool, not
>> > just one host. This is to mirror-reverse match what we have
>> > configured on our side -
>> >
>> > IPSEC FLOW: permit ip 192.168.1.0/255.255.255.128 0.0.0.0/0.0.0.0
> Because they told you that their end is 192.168.1.0/255.255.255.128 and your
> end is 0.0.0.0/0.0.0.0. It's not openswan telling you something. It is the
> cisco people who are telling you to use that.
>
> Paul
I understand that they are telling me to do this. However again.. Back
to the question..
Is there a way I can access the traffic on my side to see the src/dst for
each packet going to these devices.. or redirect all traffic from them
over a secondary ethernet and out to the internet?
I am more of a parallel programmer than a systems guy..
Mark