Hello! I am having trouble setting up a site-to-site IPSec VPN tunnel between OpenBSD and a Cisco PIX 515E. I have the following configuration:

[ A.B.C.B ] <-> [ OpenBSD 4.1 (M.N.O.P) ] <-- Internet --> [ (I.J.K.L) Cisco PIX 515E ] <-> [ E.F.G.H ]

# cat /etc/ipsec.conf
ike esp from A.B.C.D to E.F.G.H peer I.J.K.L main auth hmac-sha1 enc 3des group modp1024 quick auth hmac-sha1 enc 3des group none psk *secret*

# ipsecctl -s all
FLOWS:
flow esp in from E.F.G.H to A.B.C.B peer I.J.K.L srcid M.N.O.P/32 dstid I.J.K.L/32 type use
flow esp out from A.B.C.B to E.F.G.H peer I.J.K.L srcid M.N.O.P/32 dstid I.J.K.L/32 type require

SAD:
esp tunnel from M.N.O.P to I.J.K.L spi 0x73b8da7c auth hmac-sha1 enc 3des-cbc
esp tunnel from I.J.K.L to M.N.O.P spi 0xbd5af3e7 auth hmac-sha1 enc 3des-cbc
#

With this configuration I cannot ping E.F.G.H from A.B.C.B and vice versa. Both of these hosts have routes to each other through the corresponding gateways (OpenBSD and Cisco). What am I missing?

Thanks,
Shohrukh

