Post 302763733 by ashokvpp on Wednesday 30th of January 2013 11:45:16 AM
How to establish site to site vpn - Linux machine and cisco asa?


I am trying to establish a VPN between my Linux server and a Cisco ASA at the client side.

I installed Openswan on my CentOS.

Linux Server
eth0 -    [ I have public IP]

Gateway - [ and gw]

eth1 -  [ Internal Lan i/f]

I have simple iptables rules like:
iptables -t nat -A POSTROUTING -o $WAN -j SNAT --to

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN -j ACCEPT
iptables -A INPUT -i $WAN -j ACCEPT

iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -i $LAN -j ACCEPT
iptables -A FORWARD -i $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -d -j ACCEPT

iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Client side Cisco ASA - Device

Provided details:

BD gateway ip is [ Public IP]
Source IP :- 
Lifetime is 86400 seconds (Phase-1) & 3600 seconds (Phase-2)
Authentication is pre-shared

I need advice on configuring ipsec.conf and ipsec.secrets, and on what iptables rules I need to add or modify.
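One way to fill in the Linux side of this setup, as an added example that is not the poster's configuration or an answer from the thread: the Openswan conn and secrets entries with the stated pre-shared-key authentication and 86400 s / 3600 s lifetimes, plus the iptables additions that admit IKE, NAT-T and ESP only from the ASA and keep tunnel traffic out of the SNAT rule. The addresses, the interface name and the cipher set are placeholders and assumptions; the ciphers and the PFS setting must match whatever IKE and IPsec policy the ASA actually uses.

```shell
#!/bin/sh
# Added example (not from the original post). Placeholder addresses: replace them.
LEFT_IP="${LEFT_IP:-192.0.2.10}"       # Linux eth0 public IP (placeholder)
LEFT_NET="${LEFT_NET:-10.10.0.0/24}"   # LAN behind eth1 (placeholder)
RIGHT_IP="${RIGHT_IP:-198.51.100.1}"   # ASA public IP (placeholder)
RIGHT_NET="${RIGHT_NET:-10.20.0.0/24}" # subnet behind the ASA (placeholder)
WAN="${WAN:-eth0}"
IPT="${IPT:-iptables}"                 # set IPT=echo to print rules instead of applying

# /etc/ipsec.conf conn section; ciphers are assumptions and must match the ASA policy.
ipsec_conf() {
  cat <<EOF
conn asa-site
    type=tunnel
    authby=secret
    keyexchange=ike
    ike=aes128-sha1;modp1024
    phase2alg=aes128-sha1
    pfs=no
    ikelifetime=86400s
    salifetime=3600s
    left=$LEFT_IP
    leftsubnet=$LEFT_NET
    right=$RIGHT_IP
    rightsubnet=$RIGHT_NET
    auto=start
EOF
}

# /etc/ipsec.secrets line; the PSK is passed as the first argument, never stored here.
ipsec_secrets() {
  printf '%s %s : PSK "%s"\n' "$LEFT_IP" "$RIGHT_IP" "$1"
}

# Firewall additions: admit IKE, NAT-T and ESP from the ASA only, exempt
# tunnel traffic from SNAT (inserted ahead of the existing POSTROUTING rule)
# and forward between the two LANs.
vpn_rules() {
  $IPT -A INPUT -i "$WAN" -s "$RIGHT_IP" -p udp --dport 500 -j ACCEPT
  $IPT -A INPUT -i "$WAN" -s "$RIGHT_IP" -p udp --dport 4500 -j ACCEPT
  $IPT -A INPUT -i "$WAN" -s "$RIGHT_IP" -p esp -j ACCEPT
  $IPT -t nat -I POSTROUTING 1 -s "$LEFT_NET" -d "$RIGHT_NET" \
    -m policy --dir out --pol ipsec -j ACCEPT
  $IPT -A FORWARD -s "$LEFT_NET" -d "$RIGHT_NET" -j ACCEPT
  $IPT -A FORWARD -s "$RIGHT_NET" -d "$LEFT_NET" -j ACCEPT
}
```

Run `ipsec_conf >> /etc/ipsec.conf`, `ipsec_secrets "$PSK" >> /etc/ipsec.secrets` (mode 0600) and `vpn_rules` as root, then `ipsec auto --up asa-site`; `IPT=echo vpn_rules` shows the rules without applying them.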

