[Swan] cisco asa

Bob Miller bob at computerisms.ca
Fri Mar 3 00:03:13 UTC 2017


Also, thank you for pointing out the 3DES thing. It is the first time in
forever I have needed to specify ciphers; wasn't aware of the potential
issue...

On 2017-02-27 11:40 PM, Muenz, Michael wrote:
> On 28.02.2017 at 08:17, Bob Miller wrote:
>> Hello Gurus,
>>
>> I have an existing libreswan-sonicwall vpn in place, now there is a
>> 3rd location going in and it has a Cisco ASA firewall.  I have been
>> working with the tech at the other end, we are stuck at the beginning
>> of phase 2.  Or I am; the other end will see me connect for a second,
>> then it goes away.
>>
>> I have looked at the wiki, but I am told there is no groupname
>> configured at that end, and when they sent me a dump of the config, I
>> can find nothing that would seem an appropriate value to put.  They
>> also tell me there is no xauth enabled on their end, so this seems a
>> different config than the wiki is talking about? Logs tell me this:
>>
>> whse2datacenter" #3: initiating Quick Mode
>> PSK+ENCRYPT+TUNNEL+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using
>> isakmp#2 msgid:10f75020 proposal=3DES(3)_000-SHA1(2)_000 pfsgroup=no-pfs}
>> Feb 27 23:25:58 fw-tpc pluto[10068]: "whse2datacenter" #2: ignoring
>> informational payload INVALID_ID_INFORMATION, msgid=00000000, length=144
>
> Hi,
>
> please post logs from your side (not just the two lines), logs from the
> ASA, and also config parts on both sides.
> You really agreed to use 3DES and no pfs?
>
>
> Michael