[Swan] Tunnel between Cisco 881 (vrf VTI) & Libreswan
Paul Wouters
paul at nohats.ca
Fri Apr 20 18:54:37 UTC 2018
On Fri, 20 Apr 2018, Adam Tauno Williams wrote:
> I have been able to peer the Cisco router and the Libreswan host in a
> straight-up association but when I attempt to change this over to a
> vrf-VTI configuration I am getting stuck.
> (identity) local= X.Y.W.X, remote= A.B.C.D,
> local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
> remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4)
> -- Libreswan
> conn mhhs-vti
>     mark=10/0xffffff
>     ikelifetime=1440m
>     keylife=60m
>     rekeymargin=3m
>     keyingtries=1
>     authby=secret
>     left=A.B.C.D #strongswan outside address
>     leftid=A.B.C.D #IKEID sent by strongswan
>     right=X.Y.W.Z #IOS outside address
>     rightid=X.Y.W.Z #IKEID sent by IOS
I think you want to add:
    leftsubnet=0.0.0.0/0
    rightsubnet=0.0.0.0/0
Paul
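
Added example (not part of the original messages and not Libreswan code): a small check that compares the traffic selectors a conn would propose with the proxy identities shown in the Cisco output quoted above. It assumes that a side with no leftsubnet/rightsubnet proposes only its host address, that the Cisco proxy field is laid out as address/netmask/protocol/port, and it uses documentation addresses in place of the redacted ones; all function names are hypothetical.

```python
import ipaddress

# Constructed sample: the conn from the thread, with documentation addresses
# (192.0.2.1 / 198.51.100.1) standing in for the redacted A.B.C.D / X.Y.W.Z.
SAMPLE_CONF = """\
conn mhhs-vti
    mark=10/0xffffff
    left=192.0.2.1       # local outside address
    right=198.51.100.1   # IOS outside address
"""

# Proxy identity as printed in the Cisco output quoted in the thread.
CISCO_PROXY = "0.0.0.0/0.0.0.0/0/0"


def parse_conn(text):
    """Return {option: value} for the single conn section in text."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("conn "):
            continue
        key, _, value = line.partition("=")
        opts[key.strip()] = value.strip()
    return opts


def cisco_proxy_to_net(proxy):
    """Assumed layout of the Cisco field: address/netmask/protocol/port."""
    addr, mask, _proto, _port = proxy.split("/")
    return ipaddress.ip_network(f"{addr}/{mask}")


def effective_selector(opts, side):
    """Selector a side proposes; with no subnet option, the host address only."""
    subnet = opts.get(f"{side}subnet")
    if subnet:
        return ipaddress.ip_network(subnet)
    return ipaddress.ip_network(opts[side] + "/32")


def selector_mismatches(opts, peer_local_proxy, peer_remote_proxy):
    """Compare our selectors with the peer's; the peer's local proxy is our right."""
    wanted = {"left": cisco_proxy_to_net(peer_remote_proxy),
              "right": cisco_proxy_to_net(peer_local_proxy)}
    return {side: (str(effective_selector(opts, side)), str(net))
            for side, net in wanted.items()
            if effective_selector(opts, side) != net}
```

An empty result means both sides' selectors line up with what the router proposes; each entry otherwise gives (ours, peer's) for the side that differs.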