[Openswan Users] No traffic between Openswan and Cisco IPSEC

users-bounces at lists.openswan.org users-bounces at lists.openswan.org
Tue May 17 04:09:28 EDT 2016


Rescued from the spam bucket.  Please remember to subscribe to the mailing list before posting to it.

From: Ümit Çakar <ue_cakar at yahoo.com.au <mailto:ue_cakar at yahoo.com.au>>
Subject: No traffic between Openswan and Cisco IPSEC
Date: May 17, 2016 at 4:09:18 AM EDT
To: <users at lists.openswan.org <mailto:users at lists.openswan.org>>


Hi Everyone,
Complete newbie here, trying to implement this and learn a bit too, but wondering if I’m out of my depth here…
 
Anyway, I’ve got the basic IPSEC tunnel up and running between an Openswan server and a Cisco router. The VPN tunnel is established and stays up. I have no traffic between the two end points though (by no traffic I mean ICMP/ping traffic). Below are my configs on both ends; any light you can shed is highly appreciated. Thanks in advance.
 
######/etc/ipsec.conf#######
config setup
 
conn IPSEC
        #auto=start #automatically start if detected
        type=tunnel #tunnel mode/not transport
                                authby=secret   # pre-shared key; the key string itself lives in /etc/ipsec.secrets
                                auto=add        # load only, do not start; the conn is presumably brought up by hand (ipsec auto --up IPSEC), which fits "tunnel comes up"
                                
        ###THIS SIDE###
        left=193.Open.Swan.WAN                                  # OpenSwan-WAN_IP (placeholder as posted)
        leftsubnet=172.16.255.0/24                                # OpenSwan-LAN; must mirror the destination of Cisco crypto ACL 101 (it does)
        leftsourceip=172.16.255.1                    # OpenSwan-LAN_IP: traffic originated on this host (e.g. a local ping) is sourced from the LAN address so it falls inside leftsubnet and enters the tunnel instead of leaving from the WAN address
                                
                                
        ###PEER SIDE###
        right=123.Cisco.Router.WAN                              # CiscoRouter-WAN (placeholder as posted)
        rightsubnet=172.16.0.0/24                   # CiscoRouter-LAN; must mirror the source of Cisco crypto ACL 101 (it does)
                                rightsourceip=172.16.0.1                              # CiscoRouter-LAN_IP. NOTE(review): *sourceip is used for the local end or for assigning addresses to clients; for a static Cisco peer it is presumably ignored — harmless, but confirm
                                
        #phase 1 -- no ike= line, so Openswan offers its default proposal list; the Cisco policy asks for 3des / pre-share / DH group 2 (phase 1 evidently agrees, since the tunnel comes up)
                                keyexchange=ike
        #phase 2 -- must match the Cisco transform-set esp-3des esp-md5-hmac exactly (it does). NOTE(review): 3DES and MD5 are legacy algorithms; move both ends to AES/SHA once traffic flows
                                esp=3des-md5-96
                                
 
 
#######/etc/ipsec.secrets##############
#{local}    {peer}     : PSK "{secret}"
# The index is the pair of WAN addresses used as left/right in ipsec.conf; the secret must be
# the same string as the Cisco "crypto isakmp key". NOTE(review): the Cisco side's key was
# posted in clear text in this thread — change it on both ends, and keep this file root-only.
193.Open.Swan.WAN 123.Cisco.Router.WAN : PSK "{secret}"
 
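# IPTABLE ENTRIES ON OPENSWAN
# Filter rules for LAN <-> LAN traffic through the tunnel.
# NOTE(review): "ipsec0" is the KLIPS virtual interface; with the NETKEY
# stack there is no ipsec0 and the -i/-o matches below never hit — confirm
# which IPsec stack this host runs.
iptables -t filter -N FORWARDS
# A user-defined chain is only consulted when FORWARD jumps into it; the
# original rules never added this jump, so the FORWARDS chain was dead.
iptables -t filter -A FORWARD -j FORWARDS
# LAN (eth0) -> tunnel: packets for the Cisco LAN.
iptables -t filter -A FORWARDS -d 172.16.0.0/24 -i eth0 -o ipsec0 -j ACCEPT
# Tunnel -> LAN (eth0): packets from the Cisco LAN are addressed to the local
# leftsubnet 172.16.255.0/24, not to 172.16.0.0/24 as the original rule matched
# (that rule could never match return traffic).
iptables -t filter -A FORWARDS -s 172.16.0.0/24 -d 172.16.255.0/24 -i ipsec0 -o eth0 -j ACCEPT
# Locally generated traffic (e.g. ping from the Openswan host itself) into the tunnel.
iptables -t filter -A OUTPUT -d 172.16.0.0/24 -o ipsec0 -j ACCEPT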
                                
                                
                                
 
                                
                                
 
! Cisco Config
!====================================================
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
! hash is not set, so the IOS default (SHA-1) applies; this policy has to intersect
! Openswan's default phase-1 proposals -- it evidently does, since phase 1 comes up
crypto isakmp key privacyviolationbybigbrother address 193.Open.Swan.WAN
! NOTE(review): this pre-shared key was posted in clear text to a public list;
! treat it as compromised and change it on both ends (here and in /etc/ipsec.secrets).
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set s1s2trans esp-3des esp-md5-hmac
! phase-2 transform; must match esp=3des-md5-96 in ipsec.conf (it does).
! NOTE(review): 3DES/MD5 are legacy algorithms; move both peers to AES/SHA once traffic flows.
!
crypto map to-site2 10 ipsec-isakmp
set peer 193.Open.Swan.WAN
set transform-set s1s2trans
match address 101
! ACL 101 (below) defines the interesting traffic: local 172.16.0.0/24 <-> remote 172.16.255.0/24.
 
interface Dialer 0
crypto map to-site2
! Static route so packets for the remote LAN leave via the peer, i.e. through Dialer 0
! where the crypto map is applied.
ip route 172.16.255.0 255.255.255.0 193.Open.Swan.WAN
! NAT overload for internet access; route-map "nonat" is meant to exempt LAN-to-LAN
! traffic from NAT so that it still matches crypto ACL 101.
ip nat inside source route-map nonat interface Dialer 0 overload
!
! Crypto ACL (interesting traffic); must mirror leftsubnet/rightsubnet on the Openswan side.
access-list 101 permit ip 172.16.0.0 0.0.0.255 172.16.255.0 0.0.0.255
! NOTE(review): both ACL 150 lines are commented out, so "match ip address 150" in the
! route-map below refers to a list that does not exist. The deny line is what keeps
! LAN-to-LAN packets from being translated to the Dialer address before encryption;
! translated packets no longer match ACL 101 and bypass the tunnel, which presumably
! explains "tunnel up, no traffic". Uncomment both lines (deny first, then permit).
!access-list 150 deny   ip 172.16.0.0 0.0.0.255 172.16.255.0 0.0.0.255
!access-list 150 permit ip 172.16.0.0 0.0.0.255 any
route-map nonat permit 10
match ip address 150
 
 
Regards,
Umit

