FW: Openswan and Cisco PIX

Here's a question I've received, relating to a wiki page, that I can't answer. Anyone got any ideas?

Craig

_____

From: Jason Romo [mailto:jromo(a)networkguardian.net]
Sent: Wednesday, 19 July 2006 11:43 p.m.
To: Craig Box
Subject: Openswan and Cisco PIX

I used your online document and I have a tunnel between the openswan 2.4.5 (using netkey with 2.6.16 kernel) and a Cisco PIX 501. I see the link is up on both sides. I ping the cisco's internal IP and I see the ICMP via debug icmp trace, but I don't get a response. I am not sure what is wrong. I think it is on the cisco side. It doesn't seem to allow traffic to the internal network. Any ideas where to start?

_____

From: Craig Box
Date: Thu, 20 Jul 2006 08:49:57 +1200
To: 'Jason Romo' <jromo(a)networkguardian.net>
Subject: RE: Openswan and Cisco PIX

Hi Jason,

Haven't done anything with either a Swan or a Cisco for a long time sorry. Seen http://www.wlug.org.nz/FreeSwanToCiscoPix#footnote-3 ? Does this apply to you?

Regards
Craig

_____

From: Jason Romo [mailto:jromo(a)networkguardian.net]
Sent: Thursday, 20 July 2006 9:12 a.m.
To: Craig Box
Subject: Re: Openswan and Cisco PIX

I copied the config to another machine and it works fine to the same cisco box on the remote end. I wonder if the upstream cisco route is filtering or something. But they can access anything on our network and we respond. But I can't initiate the traffic. I have checked that the firewall rules are good, routes, even kernel modules. I can't find a problem. They look the same. The system is the system it is an image of the exact box. Any ideas?

Thanks for your help,
Jason Romo