[Openswan Users] OpenSwan to Cisco ASA with Access Control Lists

James Bewley james.bewley at telemisis.com
Thu Apr 28 05:04:24 EDT 2016


I am using IPCop which uses OpenSwan under the hood for IPSec.  I am trying
to set up a tunnel between this router and a remote site (Cisco ASA).

With a simple setup bridging both networks works and I can get traffic
through the tunnel in both directions across the entire IP range.

The remote site now wants to limit the access using an ACL and informs me
that our end will also need to implement this ACL for the connection to be
established.  Once they apply the ACL the IPSec tunnel goes down, so I assume
he is right.

So, how do I configure OpenSwan to match the ACL; do I need to define a
'subnet' for each remote IP address? Is there another way?
