[Swan] cisco asa IKEv2 Negotiation aborted due to ERROR: The peer's KE payload contained the wrong DH group
Dmitry Melekhov
dm at belkam.com
Wed Dec 26 07:18:27 UTC 2018
26.12.2018 11:13, valentin vlasov wrote:
> Hello Dmitry,
>
> 1. I have the same problem with a centos <> cisco asa connection with
> the same behaviour.
> Can you tell me please what are your final settings for ikelifetime,
> keylife and rekeymargin?
ikelifetime is the same as configured on the ASA - 28800s
keylife and rekeymargin - default values (8h and 9m if I remember
correctly), i.e. not configured
> 2. With what periodicity do you run that testing script?
*/5, but I have backup channels, so if a channel is not available, downtime
will be just about 40s - the OSPF dead timer...