Please help me understand why the tunnel between Cisco2921 and Openswan on Centos does not come up.
Settings on the Cisco:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key 12345 address 10.10.10.10
ip access-list extended SitesVPN
permit ip any host 87.240.129.72
permit ip any host 18.196.37.30
crypto ipsec transform-set centos esp-3des esp-sha-hmac
crypto map centosipsec 10 ipsec-isakmp
set peer 10.10.10.10
set transform-set centos
match address SitesVPN
interface GigabitEthernet0/1
ip address 192.168.10.10 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map centosipsec
Openswan configs
ipsec.conf
version 2
config setup
protostack=auto
logfile=/var/log/pluto.log
dumpdir=/var/run/pluto/
nat_traversal=yes
fragicmp=yes
oe=off
include /etc/ipsec.d/*.conf
office.conf:
conn nullgr
left=10.10.10.10
leftsubnet=192.168.1.10/32
rightsubnet=172.16.100.0/24
right=192.168.10.10
authby=secret
keyexchange=ike
type=tunnel
auto=start
priority=1
pfs=no
ikev2=permit
ike=3des-sha1-modp1024
ipsec.secret:
10.10.10.10 192.168.10.10: PSK "12345"
Ipsec on Centos starts without errors.
On the Cisco:
sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
192.168.10.10 10.10.10.10 QM_IDLE 1212 ACTIVE
But there is no access to the vk and yandex addresses.
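
Added example, not part of the original post: QM_IDLE in the output above means IKE phase 1 completed, and phase 2 then needs each side's traffic selectors to be the mirror image of the other's. This Python check parses the crypto ACL and the leftsubnet/rightsubnet values copied from the post and lists the ACL entries that mirror the Openswan connection; the function names are hypothetical, and requiring an exact mirror is a conservative assumption.

```python
import ipaddress

# Selector lines copied from the configs posted above.
CISCO_ACL = """\
permit ip any host 87.240.129.72
permit ip any host 18.196.37.30
"""
OPENSWAN_CONN = """\
leftsubnet=192.168.1.10/32
rightsubnet=172.16.100.0/24
"""

def take_addr(tokens):
    """Consume one IOS address spec: any | host A | A WILDCARD."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = ipaddress.ip_address(tokens.pop(0))
    netmask = ipaddress.ip_address(int(wildcard) ^ 0xFFFFFFFF)  # invert wildcard
    return ipaddress.ip_network(f"{tok}/{netmask}")

def cisco_selectors(acl_text):
    """(local, remote) networks for each 'permit ip' line of the crypto ACL."""
    pairs = []
    for line in acl_text.splitlines():
        tokens = line.split()
        if tokens[:2] == ["permit", "ip"]:
            rest = tokens[2:]
            src = take_addr(rest)
            pairs.append((src, take_addr(rest)))
    return pairs

def openswan_selector(conn_text):
    """(leftsubnet, rightsubnet) from Openswan conn options."""
    opts = dict(l.strip().split("=", 1) for l in conn_text.splitlines() if "=" in l)
    return (ipaddress.ip_network(opts["leftsubnet"]),
            ipaddress.ip_network(opts["rightsubnet"]))

def mirrored_entries(acl_text, conn_text):
    """ACL entries that mirror the conn; in the post Openswan is left, Cisco right."""
    left, right = openswan_selector(conn_text)
    return [(s, d) for s, d in cisco_selectors(acl_text) if s == right and d == left]

if __name__ == "__main__":
    print("Cisco:", cisco_selectors(CISCO_ACL))
    print("Openswan:", openswan_selector(OPENSWAN_CONN))
    print("Mirrored entries:", mirrored_entries(CISCO_ACL, OPENSWAN_CONN) or "none")
```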