[Swan] Connection to Cisco ISR4431, IOS Version 16.8.1
John Serink
jserink2004 at yahoo.com
Wed Jul 29 08:56:56 UTC 2020
Hello:
I have an IOS router running 15.4 that allows me to connect using a preshared key with the following isakmp profile:

    crypto isakmp profile LanToLan
     description Lan to lan profile for CORS set connections
     keyring hubspokes
     match identity address 0.0.0.0

And this is perfect as the same profile is used for other road warriors, instrumentation and Windows 10's L2TP.

    keyingtries=0
    left=%defaultroute
    leftsourceip=2.2.22.22
    leftsubnet=2.2.22.22/32
    leftid=@jserinki7
    authby=secret
    ike=aes256-sha2;modp2048
    phase2alg=aes256-sha2;modp2048
    auto=add
    type=tunnel
    right=A.B.C.D
    rightsubnet=1.1.1.1/32
    rightsourceip=1.1.1.1
    #rightid=@CCrouter
    ike-frag=yes
    ikev2=no
    pfs=yes

But on the above mentioned router, for libreswan to work I needed to change the isakmp profile to:

    crypto isakmp profile LanToLan
     description Lan to lan profile for CORS set connections
     keyring hubspokes
     match identity address 0.0.0.0
     match identity host jserinki7

This works fine for my Digi routers and libreswan but it breaks Windows L2TP tunnel negotiation. If I create another isakmp profile for Windows 10 then I have two profiles with a PSK for IP 0.0.0.0 and things don't behave.

So, I'd like to figure out if I can remove the "match identity host jserinki7" in the Cisco and make this work by adjusting some sort of libreswan settings.

Cheers,
John