Re: [Users] ipsec configuration !

From: abahmane el (fecov007_at_yahoo.com)
Date: Tue Aug 20 2002 - 09:13:48 CEST

• Next message: Robert Cole: "Re: [Users] Success w/Netscreen 5xp"
• Previous message: Sam Sgro: "Re: SV: [Users] ipsec with FreeS/Wan on Redhat"
• In reply to: Sam Sgro: "Re: [Users] ipsec configuration !"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thank you Sam ..
As i am a newbie ..i need your help.
i am sure my configuration is bad..

There is schema of the what i wannt to get :

164.3.236.9 ( machine Freeswan)
    *
    *
194.2.91.12.. (my firewall)
    *
   internet
    *
213.56.103.29 ( other side firewall)
    *
    *
10.3.100.8 (other Freeswan machine)

Could you suggest me a possible configuration for my
connection

left =...
...

Best regards

--- Sam Sgro <sam_at_freeswan.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
>
> On Fri, 16 Aug 2002, abahmane el wrote:
>
> > Following is my configuration connection ...
> > i want to connect to machine 10.3.100.8
> >
> > conn sample
> > # Left security gateway, subnet behind it, next
> hop
> > toward right.
> > left=194.2.91.122/32 (firewall)
> > leftsubnet=194.3.236.9
>
> "left" and "right" should represent the machines
> that have FreeS/WAN installed
> on them, and "leftsubnet" and "rightsubnet" machines
> that are being protected.
> /32 is assumed for left/right and left/rightsubnet
> parameters.
>
> > leftnexthop=
>
> Unless you are using "interfaces=%defaultroute", it
> is best to fill in this
> entry.
>
> > # Right security gateway, subnet behind it, next
> hop
> > toward left.
> > right=213.56.103.29/32 (firewall )
> > rightsubnet=10.3.100.8
> > rightnexthop=
> > spi=0x200
> > esp=3des-md5-96
>
> These two lines are ignored unless you are manually
> keying the connection. You
> shouldn't need to use them if this is a FreeS/WAN to
> FreeS/WAN connection.
> If the right machine isn't running FreeS/WAN, you'll
> have to identify the
> IPSec device we can make any further useful
> comments.
>
> > when i initiate the connection have
> >
> > 194.3.236.9 -> 10.3.100.8 => %trap (0)
> >
> > and the logs on right machine tell me i m trying
> a
> > PKI connection ..even if it set to 3des-md5 in
> > configuration files ..
>
> Logs from both machines would be useful, as this
> could be for any number of
> reasons.
>
> Sam Sgro
> sam_at_freeswan.org
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
> Comment: For the matching public key, finger the
> Reply-To: address.
>
>
iQCVAwUBPWAM/kOSC4btEQUtAQE1uQP+JQA0HiJUysBcYriwyuKVS+7ZUdwAgPxl
>
gyYSSpq1WxPRThi6hLGcJVFV0iQvWpG8SfWSCu/o16sgPo5773ZX3c5CHN8c4E1e
>
4ESkcbn5Epluj/zo5JB6l8m4HZ55dGhUDTAWB5t5ydAtbyq9HEFCc0FwxBbnd1qe
> KfETUTMBZcQ=
> =lWKP
> -----END PGP SIGNATURE-----
>

__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Robert Cole: "Re: [Users] Success w/Netscreen 5xp"
• Previous message: Sam Sgro: "Re: SV: [Users] ipsec with FreeS/Wan on Redhat"
• In reply to: Sam Sgro: "Re: [Users] ipsec configuration !"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Aug 21 2002 - 12:20:10 CEST