[Openswan Users] Trouble routing ASA VPN-connected subnet through Cisco 1900 <-> openswan tunnel

Peter McGill petermcgill at goco.net
Wed Oct 1 15:48:17 EDT 2014


Jon,

Try adding leftsourceip=192.168.100.1 to the openswan config.

Also I'm not sure about rightsubnets={192.168.20.0/22 192.168.88.0/24}

Unless that's a new feature, it won't work.

What we've always done in the past is separate conn sections for each
subnet.
Don't worry if it's one tunnel in cisco and two in openswan.
That's just configuration syntax, it will work.

So...

# First remote subnet (the one behind the Cisco 1900).
conn main
  authby=secret
  auto=start
  left=xxx.xxx.xx.xx
  leftid=xxx.xx.xxx.xx
  leftsubnet=192.168.100.0/24
  # Source address for traffic the openswan host itself originates,
  # so it falls inside leftsubnet and matches the tunnel policy.
  leftsourceip=192.168.100.1
  leftnexthop=%defaultroute
  right=xxx.xx.xxx.xx
  rightsubnet=192.168.20.0/22
  rightnexthop=%defaultroute
  phase2=esp
  phase2alg=aes256-sha1;modp2048
  forceencaps=yes
  dpddelay=30
  dpdtimeout=120
  dpdaction=restart
  pfs=yes

# Second remote subnet (the ASA-connected one): same peer and the same
# parameters as "main"; only rightsubnet differs.
conn asa
  authby=secret
  auto=start
  left=xxx.xxx.xx.xx
  leftid=xxx.xx.xxx.xx
  leftsubnet=192.168.100.0/24
  leftsourceip=192.168.100.1
  leftnexthop=%defaultroute
  right=xxx.xx.xxx.xx
  rightsubnet=192.168.88.0/24
  rightnexthop=%defaultroute
  phase2=esp
  phase2alg=aes256-sha1;modp2048
  forceencaps=yes
  dpddelay=30
  dpdtimeout=120
  dpdaction=restart
  pfs=yes


Peter
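The layout above only works if the two conn sections agree on everything except rightsubnet, because the Cisco side treats them as one tunnel, and if leftsourceip actually sits inside leftsubnet. The following linter is an added example, not part of Peter's post or of openswan itself; it parses a small constructed ipsec.conf (the public addresses are RFC 5737 documentation placeholders, and the dpd/forceencaps/nexthop options from the post are omitted for brevity) and reports any drift between conns that share a peer, overlapping remote subnets, and a leftsourceip outside leftsubnet.

```python
"""Consistency check for openswan ipsec.conf files that use one conn
section per remote subnet for a single peer. Example code, not part of
openswan; the sample config below is constructed for this check."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the layout of the post; addresses are placeholders.
SAMPLE_CONF = """\
conn main
  authby=secret
  left=203.0.113.10
  leftid=203.0.113.10
  leftsubnet=192.168.100.0/24
  leftsourceip=192.168.100.1
  right=198.51.100.20
  rightsubnet=192.168.20.0/22
  phase2=esp
  phase2alg=aes256-sha1;modp2048
  pfs=yes

conn asa
  authby=secret
  left=203.0.113.10
  leftid=203.0.113.10
  leftsubnet=192.168.100.0/24
  leftsourceip=192.168.100.1
  right=198.51.100.20
  rightsubnet=192.168.88.0/24
  phase2=esp
  phase2alg=aes256-sha1;modp2048
  pfs=yes
"""

# Options that are expected to differ between conns for the same peer.
PER_SUBNET_KEYS = {"leftsubnet", "rightsubnet"}


def parse_conns(text):
    """Parse 'conn NAME' sections into {name: {option: value}}.
    Minimal parser: '#' comments and indented key=value lines only."""
    conns = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)\s*$", line)
        if m and not line[0].isspace():
            current = m.group(1)
            conns[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.strip().split("=", 1)
        conns[current][key.strip()] = value.strip()
    return conns


def check_split_tunnel(conns):
    """Return a list of findings; an empty list means the conns are consistent."""
    findings = []
    by_peer = defaultdict(list)
    for name, opts in conns.items():
        by_peer[opts.get("right")].append(name)

    for peer, names in by_peer.items():
        # 1. Every conn to the same peer must match except for the subnets.
        base_name, base = names[0], conns[names[0]]
        for name in names[1:]:
            other = conns[name]
            for key in sorted(set(base) | set(other)):
                if key in PER_SUBNET_KEYS:
                    continue
                if base.get(key) != other.get(key):
                    findings.append(f"{base_name}/{name}: '{key}' differs "
                                    f"({base.get(key)!r} vs {other.get(key)!r}) for peer {peer}")
        # 2. Remote subnets for one peer must not overlap.
        nets = [(n, ipaddress.ip_network(conns[n]["rightsubnet"], strict=False))
                for n in names if "rightsubnet" in conns[n]]
        for i, (n1, a) in enumerate(nets):
            for n2, b in nets[i + 1:]:
                if a.overlaps(b):
                    findings.append(f"{n1}/{n2}: rightsubnet {a} overlaps {b}")

    # 3. Locally originated traffic must be sourced from inside leftsubnet.
    for name, opts in conns.items():
        if "leftsourceip" in opts and "leftsubnet" in opts:
            src = ipaddress.ip_address(opts["leftsourceip"])
            net = ipaddress.ip_network(opts["leftsubnet"], strict=False)
            if src not in net:
                findings.append(f"{name}: leftsourceip {src} is not inside leftsubnet {net}")
    return findings


if __name__ == "__main__":
    for line in check_split_tunnel(parse_conns(SAMPLE_CONF)) or ["OK: conns are consistent"]:
        print(line)
```

Run it against the real file with `parse_conns(open("/etc/ipsec.conf").read())`; the parser deliberately ignores `config setup` and any `include` lines, so point it at the file that holds the conn sections.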


