[Openswan Users] OpenSwan to Cisco ASA with Access Control Lists

Patrick Naubert patrickn at xelerance.com
Thu Apr 28 08:54:31 EDT 2016

Rescued from the spam bucket.  Please remember to subscribe to the mailing list before posting to it.

From: James Bewley <james.bewley at telemisis.com>
Subject: OpenSwan to Cisco ASA with Access Control Lists
Date: April 28, 2016 at 5:02:49 AM EDT
To: users at lists.openswan.org


I am using IPCop which uses OpenSwan under the hood for IPSec.  I am trying to set-up a tunnel between this router and a remote site (Cisco ASA).

With a simple setup bridging both networks works and I can get traffic through the tunnel in both directions across the entire IP range.

The remote site now wants to limit the access using an ACL and informs me that our end will also need to implement this ACL for the connection to be established.  Once they apply the ACL the IPSec tunnel goes down so assume he is right.

So, how do I configure OpenSwan to match the ACL; do i need to defined a 'subnet' for each remote IP address? Is there another way?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20160428/4e9645c3/attachment.html>

More information about the Users mailing list