[Swan] Need debugging pointer between libreswan and ASA5550

Paul Wouters pwouters at redhat.com
Fri Mar 8 19:46:50 EET 2013


On 03/08/2013 11:24 AM, T.J. Yang wrote:
> 1.  new /etc/ipsec.conf with tabs, no pound signs, public ip masked.
> version 2.0
> config setup
>          plutodebug="control parsing"
>          plutostderrlog=/var/log/ipsec.log
>          protostack=netkey
>          nat_traversal=yes
>          virtual_private=
>          oe=no
> conn centos6-asa-net-net
>          keyingtries=3
>          authby=secret
>          left=x.x.x..5
>          leftsubnet=192.168.50.0/24
>          leftsourceip=192.168.50.254
>          right=x.x.x..4
>          rightsubnet=192.168.40.0/24
>          rightsourceip=192.168.40.254
>          auto=start
>          keyexchange=ike
>          type=tunnel
>          pfs=no
>          phase2=esp
>          phase2alg=3des-sha1

So what's the output of:

ipsec start
ipsec auto --add centos6-asa-net-net
ipsec auto --up centos6-asa-net-net

Paul


