<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Hello,<BR>
         We've been struggling with getting a working vpn tunnel up between a Strongswan Linux host and a Cisco ISR router (1941).  We're trying to setup a subnet-subnet VPN.<BR>
 <BR>
Does anyone have a working configuration of a working setup between any Cisco router (non-ASA,non-PIX), and a Strongswan server?  <BR>
 <BR>
Details:<BR>
Strongswan vU4.4.1 with kernel 2.6.32-5-amd64<BR>
 <BR>
ipsec.conf:<BR><FONT size=2>
config setup<BR>
       plutodebug=control<BR>
       crlcheckinterval=180<BR>
       strictcrlpolicy=no <BR>
       nat_traversal=yes<BR>
       charonstart=no<BR>
 <BR>
conn %default <BR>
       ikelifetime=3600s<BR>
       keylife=20m<BR>
       rekeymargin=3m<BR>
       keyingtries=1<BR>
       keyexchange=ikev1<BR>
<BR>
 <BR>
conn vpn1<BR>
       left=192.168.0.2                       # Cisco ISR<BR>
       leftsubnet=10.2.3.96/28         # User subnet  (peer1)<BR>
       right=172.16.0.1                       # StrongSwan Linux (peer2)<BR>
       rightsubnet=10.1.1.0/16         # Network users will access<BR>
       auto=start<BR></FONT>                                    </div></body>
</html>