Openswan to Cisco ASA 5505 VPN Help

Ben Francom bfrancom at gmail.com
Fri Aug 29 13:11:47 MST 2008


Greetings,
I'm gradually replacing our aging BorderManager VPNs with Openswan and
Cisco.  I'm trying to overcome some routing issues with the new
configuration.  Here is the setup:

10.10.90.0/24===aa.bb.cc.187---aa.bb.cc.190...dd.ee.ff.33---dd.ee.ff.46===192.168.1.0/24

Left Network [Linux OpenSwan]       Site-to-Site VPN   Right Network [Cisco ASA 5505]
Public VPN IP: aa.bb.cc.187         <-->               Public VPN IP: dd.ee.ff.46
Internal Network: 10.10.90.0/24     <-->               Internal Network: 192.168.1.0/24
Openswan Internal IP: 10.10.90.3    <-->               Cisco Internal IP: 192.168.1.1

The tunnel is up, and:
I can ping from Cisco LAN (192.168.1.x) to Openswan server (10.10.90.3)
I can NOT ping from Cisco LAN to Openswan LAN

I can NOT ping from Openswan to Cisco (Anything)

Openswan route:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
aa.bb.cc.184    *               255.255.255.248 U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
10.10.90.0      *               255.255.255.0   U     0      0        0 eth0
10.10.90.0      *               255.255.255.0   U     0      0        0 eth1
link-local      *               255.255.0.0     U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         aa.bb.cc.190    0.0.0.0         UG    0      0        0 eth1

What other routes might I need on the Linux side?  The goal is to have
both LANs communicate using any protocol.

I can post the Cisco config if needed.
Thanks in advance for any advice.

-Ben

