How to establish site to site vpn - Linux machine and cisco asa?


Login or Register for Dates, Times and to Reply

 
Thread Tools Search this Thread
# 1  
How to establish site to site vpn - Linux machine and cisco asa?

Hi,

I am trying to establish vpn between my linux server and cisco asa at client side.

I installed openswan on my cent os.

Linux Server
Code:
eth0 - 182.2.29.10    [ I have public IP]

Gateway - 182.2.29.1 [ and gw]



eth1 - 192.9.200.75  [ Internal Lan i/f]


I have simple IPtables Like
WAN="eth0"
LAN="eth1"
 iptables -t nat -A POSTROUTING -o $WAN -j SNAT --to 182.2.29.10


iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN -j ACCEPT
iptables -A INPUT -i $WAN -j ACCEPT
 




iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -i $LAN -j ACCEPT
iptables -A FORWARD -i $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WAN -m state --state ESTABLISHED,RELATED -j ACCEPT
 


iptables -A FORWARD -s 192.9.200.0/255.255.255.0 -j ACCEPT
iptables -A FORWARD -d 192.9.200.0/255.255.255.0 -j ACCEPT
 


iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

Client side Cisco ASA - Device

Code:
Provided details :

BD gateway ip is 212.2.7.15 [ Public IP]
Source IP :- 192.168.91.224 
ESP-3DES-SHA1
 Lifetime is 86400 seconds (Phase-1) & 3600 seconds (Phase-2)
 Authentication is pre-shared

I need advise on configuring ipsec.conf and ipsec.secrets and what IP tables rules I need to add / modify.

Thanks

Best
Ashok
Login or Register for Dates, Times and to Reply

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

Test Your Knowledge in Science: Gadgets
Difficulty: Medium
The Western Electric Model 500 telephone uses tone dialing to dial phone numbers.
True or False?

7 More Discussions You Might Find Interesting

1. IP Networking

Openswan with Cisco ASA

Hi all, I need this as soon as possible to solve it or at least to find out what is the problem. I have configured IPSec tunnels with Openswan and Cisco ASA, i have established a connection and the ping was fine, but after some time there is request time out from both sites. I don't have ASA... (0 Replies)
Discussion started by: ivancd
0 Replies

2. IP Networking

IPSec Openswan Site to Site VPN - Big Pain

Hi @all, I try to connect 2 LANs with IPSec/Openswan LAN 1: 192.168.0.0/24 LAN 2: 192.168.1.0/24 This is my Config: conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies

3. IP Networking

Cisco 3750 Switch ASA VPN Routing

Hi,I want connect my ASA 5510 firewall to a 3750 switch with RIP routing. Unfortunately,I am having issues passing the VPN subnet through rip to the 3750.I don't understand how the routing table is populated on the ASA. Any suggestions? (0 Replies)
Discussion started by: Ayaerlee
0 Replies

4. IP Networking

Does cisco 1921 router support site to site VPNs using IPSec?

Q: "Does Cisco 1921 router support,, act as an endpoint for, site to site VPNs using IPSec? If so, how many? " A: If you get the Cisco 1921/k9 with the security services bundle then it will have built in security features. Cisco, typically includes IP Sec tunnels I believe as part of that... (0 Replies)
Discussion started by: Ayaerlee
0 Replies

5. IP Networking

port access to site to site VPN

Setup a site to site VPN between two cisco routers. One of the site locations is unable to access ports such as https://example.com:9001 How do I let them go into port 9001? They can ssh, ftp, telnet and everything else. Is this a VPN issue or ACL access issue? I put permit ip host... (0 Replies)
Discussion started by: photon
0 Replies

6. What is on Your Mind?

New Site/Info for Linux Users

Check out this site. This will be helpful for all. Link removed. (3 Replies)
Discussion started by: jadebellant
3 Replies

7. UNIX for Advanced & Expert Users

Moving machine to other site

Hi, IŽd like to have some opinions of waht settings we should take note before power down a server and move it to other facilities. Of course, the first thing is check the backups. Thanks in advance. (1 Reply)
Discussion started by: spacewalker
1 Replies
RACOONCTL(8)						    BSD System Manager's Manual 					      RACOONCTL(8)

NAME
racoonctl -- racoon administrative control tool SYNOPSIS
racoonctl reload-config racoonctl show-schedule racoonctl [-l [-l]] show-sa [isakmp|esp|ah|ipsec] racoonctl flush-sa [isakmp|esp|ah|ipsec] racoonctl delete-sa saopts racoonctl establish-sa [-u identity] saopts racoonctl vpn-connect [-u -identity] vpn_gateway racoonctl vpn-disconnect vpn_gateway racoonctl show-event [-l] racoonctl logout-user login DESCRIPTION
racoonctl is used to control racoon(8) operation, if ipsec-tools was configured with adminport support. Communication between racoonctl and racoon(8) is done through a UNIX socket. By changing the default mode and ownership of the socket, you can allow non-root users to alter racoon(8) behavior, so do that with caution. The following commands are available: reload-config This should cause racoon(8) to reload its configuration file. show-schedule Unknown command. show-sa [isakmp|esp|ah|ipsec] Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs. Use -l to increase verbosity. flush-sa [isakmp|esp|ah|ipsec] is used to flush all SAs if no SA class is provided, or a class of SAs, either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs. establish-sa [-u username] saopts Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA. The optional -u username can be used when establishing an ISAKMP SA while hybrid auth is in use. racoonctl will prompt you for the password associated with username and these credentials will be used in the Xauth exchange. saopts has the following format: isakmp {inet|inet6} src dst {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port {icmp|tcp|udp|any} vpn-connect [-u username] vpn_gateway This is a particular case of the previous command. It will establish an ISAKMP SA with vpn_gateway. delete-sa saopts Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA. vpn-disconnect vpn_gateway This is a particular case of the previous command. It will kill all SAs associated with vpn_gateway. show-event [-l] Dump all events reported by racoon(8), then quit. The -l flag causes racoonctl to not stop once all the events have been read, but rather to loop awaiting and reporting new events. logout-user login Delete all SA established on behalf of the Xauth user login. Command shortcuts are available: rc reload-config ss show-sa sc show-schedule fs flush-sa ds delete-sa es establish-sa vc vpn-connect vd vpn-disconnect se show-event lu logout-user RETURN VALUES
The command should exit with 0 on success, and non-zero on errors. FILES
/var/racoon/racoon.sock or /var/run/racoon.sock racoon(8) control socket. SEE ALSO
ipsec(4), racoon(8) HISTORY
Once was kmpstat in the KAME project. It turned into racoonctl but remained undocumented for a while. Emmanuel Dreyfus <manu@NetBSD.org> wrote this man page. BSD
November 16, 2004 BSD

Featured Tech Videos