
OpenSwan to Cisco VPN config
How to configure openswan for a site-to-site IPsec VPN to a Cisco router.

I used a base install of Arch Linux with iptables, iproute, and openswan installed from the package repos. The Cisco device was a 2621 running IOS 12.3.22 with an IP/FW crypto feature set. You can verify the tunnel on the Cisco side with "show crypto isakmp sa" (Phase 1; a state of QM_IDLE means the ISAKMP SA is up) and "show crypto ipsec sa" (Phase 2; look for non-zero encaps/decaps counters). On the openswan side, "ipsec barf | more" dumps everything (logs, routes, SA states), and "ipsec auto --status" shows just the connection and SA states. Below is a config example; the two sides must agree on the Phase 1 algorithms, the Phase 2 algorithms and the protected subnets, so each setting is annotated with its counterpart on the other side.


#/etc/ipsec.conf

# add this conn to the config; replace the quoted placeholders with bare values

conn test
      # pre-shared key, looked up in /etc/ipsec.secrets
      authby=secret
      left="OPENSWAN PUBLIC IP ADDRESS"
      # LAN behind openswan
      leftsubnet=172.16.2.0/24
      leftnexthop="DEFAULT ROUTE TO INTERNET"
      right="CISCO PUBLIC IP"
      # LAN behind the Cisco; mirrors its OPENSWAN access-list
      rightsubnet=172.16.1.0/24
      # Phase 1: must match "crypto isakmp policy" (encr aes 256 / hash md5).
      # The Cisco policy uses group 2 (1024-bit MODP); if Phase 1 fails with
      # "no acceptable proposal", pin the group with ike=aes256-md5;modp1024.
      ike=aes256-md5
      # Phase 2: must match the transform-set (esp-aes 256 esp-sha-hmac)
      esp=aes256-sha1
      # dpdaction only takes effect when dpddelay/dpdtimeout are also set
      dpdaction=restart
      keyexchange=ike
      auto=start
      # the Cisco crypto map has no "set pfs", so PFS stays off
      pfs=no
      # 86400s, the IOS isakmp policy default
      ikelifetime=24h
      # the IOS IPsec SA default is 3600s; see the crypto map note below
      keylife=24h

#/etc/ipsec.secrets

# format: left-ip right-ip : PSK "key"
# The key must be in double quotes (one pair, not two). The IP placeholders are
# quoted here only because they are placeholders; write the real addresses bare.
# This file holds the secret in clear, so keep it root-only (chmod 600).

"OPENSWAN PUBLIC IP ADDRESS" "CISCO PUBLIC IP" : PSK "PRESHARED KEY"

 


#cisco config

! Phase 1 pre-shared key for the openswan peer; no-xauth because this is a
! site-to-site tunnel, not a remote-access client.
crypto isakmp key "PRESHARED KEY" address "OPENSWAN PUBLIC IP ADDRESS" no-xauth

! Interesting traffic, written from the Cisco side: its LAN 172.16.1.0/24 to
! the openswan LAN 172.16.2.0/24 (the mirror of rightsubnet/leftsubnet).
ip access-list extended OPENSWAN
 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255

! Phase 2 proposal: matches esp=aes256-sha1
crypto ipsec transform-set AES esp-aes 256 esp-sha-hmac

! Phase 1 policy: matches ike=aes256-md5; group 2 is 1024-bit MODP (modp1024).
! The isakmp lifetime defaults to 86400s (24h), matching ikelifetime=24h.
crypto isakmp policy 10
 encr aes 256
 hash md5
 authentication pre-share
 group 2

! The IOS IPsec SA lifetime defaults to 3600s; to match keylife=24h add
! "set security-association lifetime seconds 86400" to this entry.
crypto map net 10 ipsec-isakmp
 set peer "OPENSWAN PUBLIC IP ADDRESS"
 set transform-set AES
 match address OPENSWAN

! Apply the map to the Internet-facing interface.
interface FastEthernet0/1
 ip address "CISCO PUBLIC IP" "CISCO PUBLIC IP MASK"
 crypto map net
!
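Most failures with a tunnel like this come from the two sides disagreeing on a detail: an ACL that is not the mirror of the subnets, a transform-set that does not match esp=, a PSK that breaks quoting. The script below is an added example (not the page's configuration, nor code from Openswan or Cisco) that renders both sides from one set of parameters so they cannot drift apart. It goes beyond the page's config in two ways: it pins the DH group on the openswan side (ike=...;modp1024) so both ends propose the same group, and it sets the IOS IPsec SA lifetime explicitly to match keylife. The algorithm tables, the parameter names, the documentation-range addresses and the placeholder PSK are all assumptions of this example.

```python
"""Emit matching Openswan and Cisco IOS fragments from one set of parameters.

Added example; not the page's or either project's code. The algorithm tables
cover only a few common choices and are an assumption of this example.
"""
import ipaddress

# Openswan ike=ENC-HASH[;modpN] / esp=ENC-AUTH tokens -> IOS keywords.
IKE_ENC = {"aes256": "encr aes 256", "aes128": "encr aes 128", "3des": "encr 3des"}
IKE_HASH = {"md5": "hash md5", "sha1": "hash sha"}
ESP_ENC = {"aes256": "esp-aes 256", "aes128": "esp-aes 128", "3des": "esp-3des"}
ESP_AUTH = {"sha1": "esp-sha-hmac", "md5": "esp-md5-hmac"}
DH_GROUP = {"modp1024": 2, "modp1536": 5, "modp2048": 14}


def to_seconds(lifetime):
    """Openswan lifetimes like '24h', '30m', '3600' or '3600s' -> seconds."""
    units = {"s": 1, "m": 60, "h": 3600, "d": 86400}
    if lifetime[-1] in units:
        return int(lifetime[:-1]) * units[lifetime[-1]]
    return int(lifetime)


def wildcard(cidr):
    """'172.16.1.0/24' -> '172.16.1.0 0.0.0.255', the form IOS extended ACLs take."""
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{net.network_address} {net.hostmask}"


def split_alg(spec):
    """'aes256-md5;modp1024' -> ('aes256', 'md5', 'modp1024'); group defaults to modp1024."""
    alg, _, group = spec.partition(";")
    enc, auth = alg.split("-")
    return enc, auth, group or "modp1024"


def render(p):
    """Return {'ipsec.conf': ..., 'ipsec.secrets': ..., 'ios': ...} for parameters p."""
    psk = p["psk"]
    # Spaces break the IOS key line and a double quote breaks ipsec.secrets quoting.
    if not psk.isascii() or not psk.isprintable() or any(c in psk for c in ' "'):
        raise ValueError("PSK must be printable ASCII with no spaces or double quotes")
    ike_enc, ike_hash, group = split_alg(p["ike"])
    esp_enc, esp_auth, _ = split_alg(p["esp"])
    ike_life, sa_life = to_seconds(p["ikelifetime"]), to_seconds(p["keylife"])

    conf_lines = [
        f"conn {p['conn']}",
        "      authby=secret",
        f"      left={p['left']}",
        f"      leftsubnet={p['leftsubnet']}",
    ]
    if "leftnexthop" in p:
        conf_lines.append(f"      leftnexthop={p['leftnexthop']}")
    conf_lines += [
        f"      right={p['right']}",
        f"      rightsubnet={p['rightsubnet']}",
        f"      ike={ike_enc}-{ike_hash};{group}",  # group pinned: both ends propose the same one
        f"      esp={esp_enc}-{esp_auth}",
        "      keyexchange=ike",
        "      pfs=no",
        f"      ikelifetime={p['ikelifetime']}",
        f"      keylife={p['keylife']}",
        "      auto=start",
    ]
    secrets = f'{p["left"]} {p["right"]} : PSK "{psk}"'
    ios = "\n".join([
        f"crypto isakmp key {psk} address {p['left']} no-xauth",
        "crypto isakmp policy 10",
        f" {IKE_ENC[ike_enc]}",
        f" {IKE_HASH[ike_hash]}",
        " authentication pre-share",
        f" group {DH_GROUP[group]}",
        f" lifetime {ike_life}",
        f"crypto ipsec transform-set {p['transform']} {ESP_ENC[esp_enc]} {ESP_AUTH[esp_auth]}",
        f"ip access-list extended {p['acl']}",
        # The ACL is written from the Cisco side: its LAN (rightsubnet) -> the openswan LAN.
        f" permit ip {wildcard(p['rightsubnet'])} {wildcard(p['leftsubnet'])}",
        f"crypto map {p['map']} 10 ipsec-isakmp",
        f" set peer {p['left']}",
        f" set transform-set {p['transform']}",
        f" set security-association lifetime seconds {sa_life}",
        f" match address {p['acl']}",
    ])
    return {"ipsec.conf": "\n".join(conf_lines), "ipsec.secrets": secrets, "ios": ios}


# Parameters in the shape of the page's example. Documentation-range addresses stand in
# for the real public IPs and the PSK is a placeholder (both are assumptions here).
PAGE_PARAMS = {
    "conn": "test", "left": "203.0.113.10", "right": "198.51.100.20",
    "leftsubnet": "172.16.2.0/24", "rightsubnet": "172.16.1.0/24",
    "ike": "aes256-md5", "esp": "aes256-sha1", "ikelifetime": "24h", "keylife": "24h",
    "psk": "ExamplePresharedKey", "transform": "AES", "acl": "OPENSWAN", "map": "net",
}

if __name__ == "__main__":
    for name, text in render(PAGE_PARAMS).items():
        print(f"# {name}\n{text}\n")
```

Run it and paste each fragment into its file or the router's config mode. MD5 and a 1024-bit DH group are what the page's IOS image negotiates, not a recommendation; on an image that supports it, change the tables' entries to sha1 (or sha256) and modp2048/group 14 on both sides at once, which is the point of generating them together.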

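Once both sides are configured, the quickest triage is to see which phase is up: an ISAKMP SA without an IPsec SA points at the esp= / transform-set or subnet / ACL mismatch, no ISAKMP SA at all points at ike= / isakmp policy or the PSK. The following is an added example (not from the page or Openswan) that parses "ipsec auto --status" output and classifies the conn; the sample status text is constructed in the shape Openswan prints, with documentation-range addresses, and the state-description strings it matches on ("ISAKMP SA established", "IPsec SA established", "erouted") are taken from that format.

```python
"""Classify an Openswan conn from `ipsec auto --status` output.

Added example, not from the page. SAMPLE_STATUS is constructed in the shape
Openswan prints; the addresses are documentation ranges.
"""
import re
import subprocess
import sys

SAMPLE_STATUS = """\
000 "test": 172.16.2.0/24===203.0.113.10...198.51.100.20===172.16.1.0/24; erouted; eroute owner: #2
000 "test":   ike_life: 86400s; ipsec_life: 86400s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 #1: "test":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 85760s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000 #2: "test":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 85740s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
"""

# One SA per line: state number, conn name, state name, human description.
SA_LINE = re.compile(
    r'^000 #(?P<num>\d+): "(?P<conn>[^"]+)":\d+ (?P<state>STATE_\w+) \((?P<desc>[^)]*)\)'
)


def tunnel_state(status_text, conn):
    """Return ('up' | 'phase1-only' | 'down', [state names seen for conn])."""
    sas = []
    erouted = False
    for line in status_text.splitlines():
        m = SA_LINE.match(line)
        if m and m["conn"] == conn:
            sas.append(m.groupdict())
        elif line.startswith(f'000 "{conn}":') and "; erouted;" in line:
            erouted = True  # kernel policy for the two subnets is installed
    phase1 = any("ISAKMP SA established" in s["desc"] for s in sas)
    phase2 = any("IPsec SA established" in s["desc"] for s in sas)
    states = [s["state"] for s in sas]
    if phase2 and erouted:
        return "up", states
    if phase1:
        # Phase 2 failing: check esp= against the transform-set and the subnets against the ACL
        return "phase1-only", states
    # Phase 1 failing: check ike= against the isakmp policy (incl. DH group) and the PSK
    return "down", states


if __name__ == "__main__":
    conn = sys.argv[1] if len(sys.argv) > 1 else "test"
    try:
        text = subprocess.run(["ipsec", "auto", "--status"],
                              capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        text = SAMPLE_STATUS  # no openswan on this host: fall back to the constructed sample
    print(tunnel_state(text, conn))
```

Run it as root on the openswan box with the conn name as the argument; "up" here only means the SAs and the kernel policy exist, so still confirm traffic with a ping sourced from the 172.16.2.0/24 side and the encaps/decaps counters in "show crypto ipsec sa" on the Cisco.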