Create a VPN IPSec connection on Ubuntu Server to a Cisco ASA using openswan
$100-120 USD
Cancelled
Posted more than 12 years ago
Paid on delivery
Hi,
We need someone who has done this type of connection before, is familiar with the openswan log and is able to troubleshoot.
They should then be able to route traffic via the VPN connection by creating the IPSec tunnel, for the VPN and the application server (which will be using the VPN connection).
More details below.
Please apply only if you have done this before; otherwise please do not waste your time and mine. I will send you my log to check if you understand what is going on.
I have created a connection and am talking to the server, but something is not quite right.
Connection to the box will be made available via TeamViewer on Windows, which has an SSH terminal open for you to work.
Thanks,
Michael
## Deliverables
The box is an Ubuntu server. I have installed openswan on it and tried to configure it.
The Ubuntu firewall is enabled, but I have opened the necessary ports, and the router allows full access on the public IP of the box.
Check out /etc/[login to view URL] for cmds I am running to open ports etc.
Here is the configuration I received from the provider (they have a Cisco ASA):
===============================================
IPSec tunnel endpoint: will be given
Common IPSEC Parameters
Phase 1 - IKE Policy Definition (IPSEC/ISAKMP)
IKE Mode: Main
Message Encryption Algorithm: 3des-cbc
Message Integrity (Hash) Algorithm: ah-sha-hmac
Peer authentication method: pre-shared
Peer authentication key: will be given
Key exchange DH group identifier: 2 (1024 bits)
ISAKMP policy Lifetime (sec): 86400 (1 day)
ISAKMP Keepalives: Supported / Optional
Dead Peer Detection (DPD): Supported / Optional (Recom.
Phase 2 - Transform Set (Security Association)
IPSec Mode: Tunnel
IPSec SA Lifetime (sec): 3600 (1 hour)
Perfect Forward Secrecy (PFS): No
IKE Mode: quick
Mechanism for Header Authentication (AH): none
Mechanism for Payload Authentication (ESP): esp-sha-hmac
Mechanism for Payload Encryption (ESP): esp-3des-cbc
Encryption: none
IPSEC Packet Fragmentation: Pre-Fragmentation
==============================================
Here is the exact response I got from their engineer.
"The VPN settings that I have sent you must be configured on your
firewall/router (which should be able to support VPNs). You should
define the IP that will be used for the IPSec Tunnel (which is xxx.xxx.xxx.133)
and also define the xxx.xxx.xxx.136 as the address that you will send your SMS
traffic to. Also, from the PDF, VPN has 2 phases. In order for the VPN
to come up and thus have connectivity between us, you need to define
all those settings as given as well."
"As an example, here we have a Cisco ASA router and all those settings
are done manually from the command line directly on the router. I suggest
downloading the specifications or guide for your router in order to
set up the VPN"
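
An added example, not part of the original post or the provider's document: a Python check that compares an openswan `conn` section against the Phase 1 and Phase 2 values in the parameter sheet above and lists every option that differs or is left unset. The mapping of the sheet onto openswan `ipsec.conf` keywords (with "sha-hmac" read as SHA-1), the connection name `asa-tunnel` and the sample configuration are assumptions made for this example.

```python
import re

# Values transcribed from the provider's sheet; the openswan ipsec.conf(5)
# keywords they are mapped onto are this example's assumption.
EXPECTED = {
    "type": "tunnel",              # IPSec Mode: Tunnel
    "authby": "secret",            # Peer authentication method: pre-shared
    "aggrmode": "no",              # Phase 1 IKE Mode: Main
    "ike": "3des-sha1-modp1024",   # 3des-cbc, sha-hmac, DH group 2
    "ikelifetime": 86400,          # ISAKMP policy lifetime (sec)
    "phase2": "esp",               # AH: none, ESP only
    "phase2alg": "3des-sha1",      # esp-3des-cbc, esp-sha-hmac
    "salifetime": 3600,            # IPSec SA lifetime (sec)
    "pfs": "no",                   # PFS: No
}
ALIASES = {"esp": "phase2alg", "keylife": "salifetime", "lifetime": "salifetime"}
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_conn(text, name):
    # Collect the indented key=value lines under "conn <name>", folding aliases.
    opts, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():          # a new section header starts here
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            opts[ALIASES.get(key, key)] = value
    return opts

def normalise(key, value):
    # Lifetimes become seconds; "3des-sha1;modp1024" and "-modp1024" compare equal.
    if key in ("ikelifetime", "salifetime"):
        m = re.fullmatch(r"(\d+)([smhd]?)", value)
        return int(m.group(1)) * UNITS[m.group(2)] if m else value
    return value.lower().replace(";", "-")

def mismatches(text, name):
    # Unset options are reported too: the daemon default would apply, not the sheet.
    opts = parse_conn(text, name)
    found = {k: normalise(k, opts[k]) if k in opts else None for k in EXPECTED}
    return [(k, want, found[k]) for k, want in EXPECTED.items() if found[k] != want]

# Constructed sample config: wrong IKE lifetime, and pfs left unset.
SAMPLE = "conn asa-tunnel\n" + "".join(f"    {o}\n" for o in (
    "type=tunnel", "authby=secret", "aggrmode=no", "ike=3des-sha1;modp1024",
    "ikelifetime=8h", "phase2=esp", "esp=3des-sha1", "keylife=1h"))

if __name__ == "__main__":
    for key, want, got in mismatches(SAMPLE, "asa-tunnel"):
        print(f"{key}: sheet requires {want!r}, config has {got!r}")
```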