Openswan to Cisco ASA 5505 VPN Help
Ben Francom
bfrancom at gmail.com
Fri Aug 29 13:11:47 MST 2008
Greetings,
I'm gradually replacing our aging BorderManager VPNs w/ Openswan and
Cisco. I'm trying to overcome some routing issues with the new
configuration. Here is the setup:
10.10.90.0/24===aa.bb.cc.187---aa.bb.cc.190...dd.ee.ff.33---dd.ee.ff.46===192.168.1.0/24
Left Network [Linux OpenSwan]       Site-to-Site VPN   Right Network [Cisco ASA 5505]
Public VPN IP: aa.bb.cc.187         <-->               Public VPN IP: dd.ee.ff.46
Internal Network: 10.10.90.0/24     <-->               Internal Network: 192.168.1.0/24
Openswan Internal IP: 10.10.90.3    <-->               Cisco Internal IP: 192.168.1.1
The tunnel is up, and:
I can ping from Cisco LAN (192.168.1.x) to Openswan server (10.10.90.3)
I can NOT ping from Cisco LAN to Openswan LAN
I can NOT ping from Openswan to Cisco (Anything)
Openswan route:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
aa.bb.cc.184    *               255.255.255.248 U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
10.10.90.0      *               255.255.255.0   U     0      0        0 eth0
10.10.90.0      *               255.255.255.0   U     0      0        0 eth1
link-local      *               255.255.0.0     U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         aa.bb.cc.190    0.0.0.0         UG    0      0        0 eth1
What other routes might I need on the Linux side? The goal is to have
both LANs communicate using any protocol.
I can post the Cisco config if needed.
Thanks in advance for any advice.
-Ben