LinuxQuestions.org
Old 12-02-2010, 03:45 AM   #1
kloenie
site2site vpn with openswan to cisco asa 5500


Hi there,

I have a problem with getting a VPN connection working.

I have Openswan and the other side has a Cisco ASA 5500.
This is what I got from them:

Local peer (our external IP): 77.61.201.201.18
Local network (our local network): 192.168.5.0/24
Remote peer (their external IP): 81.21.176.90
Remote network (their local network): 81.21.188.161/32

IPsec phase 1
Proxy ID: vpn.swp.nl (not required)
Pre-shared key: fakefakefakefake
IKE policy encryption/auth/DH group: 3DES / SHA / Group 2
Security association phase 1: 86400 sec
IKE negotiation mode: main

IPsec phase 2
IPsec ESP encryption/ESP authentication: 3DES / SHA
Security association phase 2: 28800 sec
Perfect forward secrecy (PFS): DH Group 2

What I have in the ipsec.conf:
conn nameconnection
    keyexchange=ike
    type=tunnel
    ike=3des-md5
    esp=3des-md5
    authby=secret
    keyingtries=0
    left=77.61.201.18
    leftsubnet=192.168.5.0/24
    leftnexthop=77.61.201.17
    right=81.21.176.90
    rightsubnet=81.21.188.161/32
    rightnexthop=%defaultroute
    compress=no
    auto=start
    spi=0x0
    pfs=no

And then this is what I get in the secure log:
www.de-breul.com/log.jpg

I can't get a connection…

Where do I need to look?

gr kloenie

Last edited by kloenie; 12-02-2010 at 04:29 AM.
 
Old 12-02-2010, 07:52 AM   #2
kloenie
Original Poster
The company is saying that the problem is in the cipher encryption. Where can I change that?
 
Old 12-02-2010, 08:54 AM   #3
kloenie
Original Poster
Problem fixed.

Removed the:

ike=3des-md5
esp=3des-md5

Then it is working with the PHA
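
A check of a conn section against the peer's parameter sheet from post #1, as an added example that is not part of the original thread: it lists the pinned settings that differ from the sheet. The names PEER, SAMPLE, parse_conn, proposals and mismatches are hypothetical, SAMPLE is constructed from the posted config, and treating an absent pfs line as yes is an assumption about Openswan's default.

```python
import re

# Peer's sheet from post #1: 3DES / SHA in both phases, PFS enabled.
PEER = {"ike": {"3des", "sha"}, "esp": {"3des", "sha"}, "pfs": "yes"}

# Constructed sample: the algorithm-related lines of the posted conn section.
SAMPLE = """\
conn nameconnection
    ike=3des-md5
    esp=3des-md5
    authby=secret
    pfs=no
"""

def parse_conn(text):
    """Return {key: value} for the key=value lines of one conn section."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip().lower()] = value.strip().lower()
    return opts

def proposals(value):
    """One token set per comma-separated proposal; sha1 is counted as sha."""
    return [{"sha" if t == "sha1" else t for t in re.split(r"[-;]", p.strip()) if t}
            for p in value.split(",")]

def mismatches(opts, peer=PEER):
    """List pinned settings that differ from the peer's sheet."""
    found = []
    for key in ("ike", "esp"):
        if key in opts:  # line absent: nothing pinned, as after the change in post #3
            if not any(peer[key] <= p for p in proposals(opts[key])):
                found.append(f"{key}={opts[key]} has no proposal with {sorted(peer[key])}")
    # Assumption: an absent pfs line means pfs=yes.
    if opts.get("pfs", "yes") != peer["pfs"]:
        found.append(f"pfs={opts['pfs']} differs from the peer sheet (PFS {peer['pfs']})")
    return found

if __name__ == "__main__":
    for m in mismatches(parse_conn(SAMPLE)):
        print(m)
```

The check only compares the file with the sheet; it does not say which difference the peer rejected.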
 
  

