[Swan] cisco asa
Paul Wouters
paul at nohats.ca
Tue Feb 28 18:06:49 UTC 2017
On Mon, 27 Feb 2017, Bob Miller wrote:
> whse2datacenter" #3: initiating Quick Mode
> PSK+ENCRYPT+TUNNEL+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using isakmp#2
> msgid:10f75020 proposal=3DES(3)_000-SHA1(2)_000 pfsgroup=no-pfs}
> Feb 27 23:25:58 fw-tpc pluto[10068]: "whse2datacenter" #2: ignoring
> informational payload INVALID_ID_INFORMATION, msgid=00000000, length=144
Invalid ID for quick mode is a wrong error. Since at that point the ID
and the entire IKE SA has been authenticated. So this error is
misleading. Look at phase2/esp and/or pfs mismatches and of course
leftsubnet/rightsubnet mismatches.
Paul
More information about the Swan
mailing list