[Openswan Users] Trouble routing ASA VPN-connected subnet through Cisco 1900 <-> openswan tunnel
Peter McGill
petermcgill at goco.net
Wed Oct 1 15:48:17 EDT 2014
Jon,
Try adding leftsourceip=192.168.100.1 to the openswan config.
Also I'm not sure about rightsubnets={192.168.20.0/22 192.168.88.0/24}
Unless that's a new feature, it won't work.
What we've always done in the past is separate conn sections for each
subnet.
Don't worry if it's one tunnel in cisco and two in openswan.
That's just configuration syntax, it will work.
So...
conn main
        authby=secret
        auto=start
        left=xxx.xxx.xx.xx
        leftid=xxx.xx.xxx.xx
        leftsubnet=192.168.100.0/24
        leftsourceip=192.168.100.1
        leftnexthop=%defaultroute
        right=xxx.xx.xxx.xx
        rightsubnet=192.168.20.0/22
        rightnexthop=%defaultroute
        phase2=esp
        phase2alg=aes256-sha1;modp2048
        forceencaps=yes
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        pfs=yes

conn asa
        authby=secret
        auto=start
        left=xxx.xxx.xx.xx
        leftid=xxx.xx.xxx.xx
        leftsubnet=192.168.100.0/24
        leftsourceip=192.168.100.1
        leftnexthop=%defaultroute
        right=xxx.xx.xxx.xx
        rightsubnet=192.168.88.0/24
        rightnexthop=%defaultroute
        phase2=esp
        phase2alg=aes256-sha1;modp2048
        forceencaps=yes
        dpddelay=30
        dpdtimeout=120
        dpdaction=restart
        pfs=yes
Peter
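The advice above (one conn section per remote subnet, all sharing the same left-side settings, with leftsourceip inside leftsubnet) is easy to get wrong by hand when the list of remote subnets grows. The following is an added example, not Peter's code and not part of Openswan: it renders the per-subnet conn sections from one shared parameter set and, before rendering, checks that every subnet is a clean CIDR, that leftsourceip actually lies inside leftsubnet, and that no remote subnet overlaps the local subnet or another remote subnet (overlapping selectors give ambiguous policy entries). The public addresses are RFC 5737 placeholders, the conn names "main" and "asa" are borrowed from the post, and the check function is assumed to generalize beyond the two-subnet case shown there.

```python
import ipaddress

# Constructed sample values (placeholder addresses from the RFC 5737 test
# ranges); the real left/right/leftid values come from the site's own config.
COMMON = {
    "authby": "secret",
    "auto": "start",
    "left": "203.0.113.10",
    "leftid": "203.0.113.10",
    "leftsubnet": "192.168.100.0/24",
    "leftsourceip": "192.168.100.1",
    "leftnexthop": "%defaultroute",
    "right": "198.51.100.20",
    "rightnexthop": "%defaultroute",
    "phase2": "esp",
    "phase2alg": "aes256-sha1;modp2048",
    "forceencaps": "yes",
    "dpddelay": "30",
    "dpdtimeout": "120",
    "dpdaction": "restart",
    "pfs": "yes",
}

# One conn per remote subnet, keyed by conn name (names taken from the post).
REMOTE = {"main": "192.168.20.0/22", "asa": "192.168.88.0/24"}


def check_tunnel(common, remote):
    """Return a list of problems (empty if the tunnel definition is sane).

    Checks: leftsubnet and every rightsubnet are valid CIDRs with host bits
    zero, leftsourceip is an address inside leftsubnet, and no remote subnet
    overlaps leftsubnet or another remote subnet.
    """
    problems = []
    try:
        local = ipaddress.ip_network(common["leftsubnet"], strict=True)
    except ValueError as e:
        return [f"leftsubnet: {e}"]
    try:
        src = ipaddress.ip_address(common["leftsourceip"])
        if src not in local:
            problems.append(f"leftsourceip {src} is not inside leftsubnet {local}")
    except ValueError as e:
        problems.append(f"leftsourceip: {e}")
    seen = []
    for name, cidr in remote.items():
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as e:
            problems.append(f"conn {name}: {e}")
            continue
        if net.overlaps(local):
            problems.append(f"conn {name}: {net} overlaps leftsubnet {local}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"conn {name}: {net} overlaps conn {other_name} ({other})")
        seen.append((name, net))
    return problems


def render_conns(common, remote):
    """Emit ipsec.conf text: one 'conn <name>' section per remote subnet.

    Section parameters are indented, as ipsec.conf requires.
    Raises ValueError if check_tunnel() reports any problem.
    """
    problems = check_tunnel(common, remote)
    if problems:
        raise ValueError("; ".join(problems))
    out = []
    for name, cidr in remote.items():
        out.append(f"conn {name}")
        for key, value in common.items():
            out.append(f"        {key}={value}")
        out.append(f"        rightsubnet={cidr}")
        out.append("")  # blank line between sections
    return "\n".join(out)


if __name__ == "__main__":
    print(render_conns(COMMON, REMOTE))
```

Run it and paste the output into ipsec.conf; the shared keys stay identical across sections, so the only thing that differs between "conn main" and "conn asa" is rightsubnet, which is exactly the split the post describes.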