[Openswan Users] OpenSwan to Cisco ASA with Access Control Lists
james.bewley at telemisis.com
Thu Apr 28 09:58:41 EDT 2016
I've figured this out now.
It appears that the Cisco ASA treats each access-list rule as a separate
connection, and your ipsec.conf needs to have a connection for each server:
# net-2-net to RED
left=<public IP - site1>
right=<public IP - site2>
# Server 1
# Server 2
On 28 April 2016 at 13:54, Patrick Naubert <patrickn at xelerance.com> wrote:
> Rescued from the spam bucket. Please remember to subscribe to the mailing
> list before posting to it.
> From: James Bewley <james.bewley at telemisis.com>
> Subject: OpenSwan to Cisco ASA with Access Control Lists
> Date: April 28, 2016 at 5:02:49 AM EDT
> To: users at lists.openswan.org
> I am using IPCop which uses OpenSwan under the hood for IPSec. I am
> trying to set up a tunnel between this router and a remote site (Cisco ASA).
> With a simple setup, bridging both networks works and I can get traffic
> through the tunnel in both directions across the entire IP range.
> The remote site now wants to limit the access using an ACL and informs me
> that our end will also need to implement this ACL for the connection to be
> established. Once they apply the ACL the IPSec tunnel goes down, so I assume
> he is right.
> So, how do I configure OpenSwan to match the ACL; do I need to define a
> 'subnet' for each remote IP address? Is there another way?
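An ipsec.conf layout for the one-conn-per-ACL-line arrangement James describes, added here as an illustration (it is not the configuration from the thread or IPCop's own file). The public IPs, LAN ranges, host addresses, ACL lines and algorithms are placeholders; the subnets and Phase 2 algorithms must mirror exactly what the ASA peer has in its crypto ACL and transform set.

```ini
# Added example, not from the original thread. Assumed topology (placeholders):
#   site1 (IPCop/Openswan)  public 203.0.113.10, LAN 192.168.1.0/24
#   site2 (Cisco ASA)       public 198.51.100.20, hosts 10.10.10.5 and 10.10.10.6
# Assumed crypto ACL applied on the ASA (source = ASA-side host, destination = our LAN):
#   access-list VPN-SITE1 extended permit ip host 10.10.10.5 192.168.1.0 255.255.255.0
#   access-list VPN-SITE1 extended permit ip host 10.10.10.6 192.168.1.0 255.255.255.0

conn %default
    # Phase 1 is identical for every ACL line, so a single IKE SA is built;
    # each conn below then negotiates its own Phase 2 (IPsec) SA.
    left=203.0.113.10
    right=198.51.100.20
    authby=secret
    ike=aes128-sha1;modp1024
    phase2alg=aes128-sha1
    pfs=no
    auto=start

# Server 1: mirrors the first ACL line. The ASA compares IKEv1 Quick Mode
# selectors exactly, so leftsubnet/rightsubnet must equal the ACL's
# destination/source pair; a wider subnet here is rejected, not narrowed.
conn site2-server1
    leftsubnet=192.168.1.0/24
    rightsubnet=10.10.10.5/32

# Server 2: mirrors the second ACL line; same IKE SA, separate IPsec SA.
conn site2-server2
    leftsubnet=192.168.1.0/24
    rightsubnet=10.10.10.6/32
```

Each additional permit line on the ASA side gets its own conn with the matching /32 (or subnet) in rightsubnet; a conn whose selectors match no ACL line will fail Phase 2 and show up as a quick-mode failure in the Openswan log.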