Hi Tom
It works.
I also mentioned the virtual interface eth0:7:193....

Thanks for your help.
Gilbert



On 6 February 2015 18:08:57, Tom Eastep <[email protected]> wrote:

> On 2/4/2015 12:37 PM, Gilbert Robert wrote:
> > Hi,
> >
> > I would like to establish an IPSEC connection from one site to one site.
> > Site A is a Cisco ASA and site B is a Linux Debian Wheezy
> >
> > On site A we don't have any access, but on site B we can do what we want.
> > I installed Shorewall 4.5.5.3 and openswan 1:2.6.37-3+deb7u1
> >
> > I spent a lot of time trying to connect those 2 sites like this
> >
> > site B                                                             site A
> > [ 10.1.0.0 ] -----[ 10.1.0.1 / eth0 143.123.123.121/28 ] ..... [ 190.120.87.165 ]---[193.198.43.0]
> >                                eth0 143.123.123.122
> >
> > This would be relatively simple if Site A did not want nat in the VPN. In
> > fact they want to see only one source address from the network B for example
> > the 143.123.123.122. They don't want to see rfc1918 addresses in subnet B.
> >
> > I read and reread the pages of Shorewall but I'm a little bit confused now.
> > I can establish IPsec phase I but not the second. IPsec therefore works
> > but it appears that phase II is stuck.
> >
> > My part of config:
> >
> > interfaces
> > vpn ppp0    -
> > net eth0
> >
> > hosts
> > vpn eth0:193.198.43.0/24   ipsec
> >
> > masq
> > eth0        10.1.0.0/24     143.123.123.122  -       -       -       mode=tunnel,tunnel-dst=193.198.43.0/24
>
> Because the IPSEC PD doesn't recognize 10.1.0.0/24 as the source for any
> IPSEC policy, I suspect that the rule never matches. You rather want:
>
> eth0:193.198.43.0 10.1.0.0/24   143.123.123.122
>
> >
> > tunnels
> > ipsec       net       190.120.87.165/32       vpn
> >
> > Many thanks in advance for your help and lights ....
> >
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________



_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
