Hello François, I don't see anything special in your configuration file except that it looks like an Openswan configuration.
I assume that the strongSwan side is right=192.168.1.218 which makes use of a port forwarding setup (NAT traversal seems not to be enabled) on the router rightnexthop=192.168.1.1 in order to be reachable from the Internet and that left=81.246.56.89 is the Cisco IOS box. In order to give you some help I would need the output of ipsec statusall and ip -s xfrm state ip -s xfrm policy after the successful connection setup and after a failed ping. Best regards Andreas On 05/11/2010 03:47 PM, François Van Ingelgom wrote: > Hi everyone! > > I'm trying to setup Strongswan (debian package) with a Cisco router (IOS > 12.4). > > Both servers are on the same subnet (our public subnet) for testing purposes. > > Here is my ipsec.conf for strongswan: > > version 2.0 # conforms to second version of ipsec.conf specification > > config setup > interfaces="ipsec0=eth0" > conn %default > ikelifetime=86400 > keylife=3600 > keyingtries=%forever > authby=secret > auth=esp > ike=aes128-sha1-modp1024! > esp=aes128-sha1! > pfs=no > dpdaction=hold > dpddelay=60 > dpdtimeout=500 > > conn tunnelipsec > type=tunnel > auto=start > left=81.246.56.89 > leftnexthop=81.246.56.65 > leftsubnet=192.168.16.0/24 > right=192.168.1.218 > rightnexthop=192.168.1.1 > rightsubnet=192.168.18.0/24 > > include /etc/ipsec.d/examples/no_oe.conf > > And here is my ipsec.secrets > > 81.246.56.89: PSK "SecretTunnelPass" > > I'm sorry, i don't have the cisco config right here but it's a classical non > tunnel configuration (esp-aes esp-sha-hmac aes128 and sha). > > In fact, the connection can be established but when i try to ping the other > end, the cisco fails claiming that he has no route for the network connected > to the strongswan.... > > I really have no idea how to set it up, and i've been searching for a very > long time now :/ > > I anybody would have any idea, hints or anything, i'll greatly appreciate :) > > Thanks a lot > > François Van Ingelgom -- PCSOL > ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
