[Swan] cisco asa
Muenz, Michael
m.muenz at spam-fetish.org
Tue Feb 28 07:40:48 UTC 2017
Am 28.02.2017 um 08:17 schrieb Bob Miller:
> Hello Gurus,
>
> I have an existing libreswan-sonicwall vpn in place, now there is a
> 3rd location going in it is has a cisco asa firewall. I have been
> working with the tech at the other end, we are stuck at the beginning
> of phase2. or I am, the other end will see me connect for a second,
> then it goes away.
>
> I have looked at the wiki, but I am told there is no groupname
> configured at that end, and when they sent me a dump of the config, I
> can find nothing that would seem an appropriate value to put. They
> also tell me there is no xauth enabled on their end. so this seems a
> different config than the wiki is talking about? Logs tell me this:
>
> whse2datacenter" #3: initiating Quick Mode
> PSK+ENCRYPT+TUNNEL+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using
> isakmp#2 msgid:10f75020 proposal=3DES(3)_000-SHA1(2)_000 pfsgroup=no-pfs}
> Feb 27 23:25:58 fw-tpc pluto[10068]: "whse2datacenter" #2: ignoring
> informational payload INVALID_ID_INFORMATION, msgid=00000000, length=144
Hi,
please post logs from your side (not just the two lines), logs from the
ASA, and also config parts on both sides.
You really agreed to use 3DES and no pfs?
Michael
More information about the Swan
mailing list