[Swan] cisco asa

Bob Miller bob at computerisms.ca
Thu Mar 2 22:31:21 UTC 2017


Hi Michael,

Thanks for your response.

We fixed the problem. It turns out that phase two has an auth feature 
that can be disabled on the Cisco device, and apparently that doesn't 
show up in the config dump.

Magic incantation correctly uttered and now tunnel is working....

On 2017-02-27 11:40 PM, Muenz, Michael wrote:
> On 28.02.2017 at 08:17, Bob Miller wrote:
>> Hello Gurus,
>>
>> I have an existing libreswan-SonicWall VPN in place; now there is a
>> 3rd location going in, and it has a Cisco ASA firewall.  I have been
>> working with the tech at the other end; we are stuck at the beginning
>> of phase 2.  Or I am; the other end will see me connect for a second,
>> then it goes away.
>>
>> I have looked at the wiki, but I am told there is no groupname
>> configured at that end, and when they sent me a dump of the config, I
>> can find nothing that would seem an appropriate value to put.  They
>> also tell me there is no xauth enabled on their end, so this seems a
>> different config than the wiki is talking about? Logs tell me this:
>>
>> whse2datacenter" #3: initiating Quick Mode
>> PSK+ENCRYPT+TUNNEL+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using
>> isakmp#2 msgid:10f75020 proposal=3DES(3)_000-SHA1(2)_000 pfsgroup=no-pfs}
>> Feb 27 23:25:58 fw-tpc pluto[10068]: "whse2datacenter" #2: ignoring
>> informational payload INVALID_ID_INFORMATION, msgid=00000000, length=144
>
> Hi,
>
> please post logs from your side (not just the two lines), logs from the
> ASA, and also config parts on both sides.
> You really agreed to use 3DES and no pfs?
>
>
> Michael