[strongSwan] StrongSWAN <-> Cisco router IOS 12.4
François Van Ingelgom
francois.vaningelgom at pcsol.be
Tue May 11 15:22:46 CEST 2010
Hi everyone!
I'm trying to set up strongSwan (Debian package) with a Cisco router (IOS 12.4).
Both servers are on the same subnet (our public subnet) for testing purposes.
Here is my ipsec.conf for strongswan:
version 2.0 # conforms to second version of ipsec.conf specification

config setup
    interfaces="ipsec0=eth0"

conn %default
    ikelifetime=86400
    keylife=3600
    keyingtries=%forever
    authby=secret
    auth=esp
    ike=aes128-sha1-modp1024!
    esp=aes128-sha1!
    pfs=no
    dpdaction=hold
    dpddelay=60
    dpdtimeout=500

conn tunnelipsec
    type=tunnel
    auto=start
    left=81.246.56.89
    leftnexthop=81.246.56.65
    leftsubnet=192.168.16.0/24
    right=192.168.1.218
    rightnexthop=192.168.1.1
    rightsubnet=192.168.18.0/24

include /etc/ipsec.d/examples/no_oe.conf
And here is my ipsec.secrets
81.246.56.89: PSK "SecretTunnelPass"
I'm sorry, I don't have the Cisco config right here, but it's a classical non-tunnel configuration (esp-aes esp-sha-hmac aes128 and sha).
In fact, the connection can be established, but when I try to ping the other end, the Cisco fails, claiming that it has no route for the network connected to the strongSwan...
I really have no idea how to set it up, and I've been searching for a very long time now :/
If anybody has any idea, hints or anything, I'd greatly appreciate it :)
Thanks a lot
François Van Ingelgom