[Swan] Connection to Cisco ISR4431, IOS Version 16.8.1

John Serink jserink2004 at yahoo.com
Wed Jul 29 08:56:56 UTC 2020


Hello:
I have an IOS router running 15.4 that allows me to connect using a preshared key with the following isakmp profile:

crypto isakmp profile LanToLan
   description Lan to lan profile for CORS set connections
   keyring hubspokes
   match identity address 0.0.0.0

And this is perfect as the same profile is used for other road warriors, instrumentation and windows10's L2TP.

    keyingtries=0
    left=%defaultroute
    leftsourceip=2.2.22.22
    leftsubnet=2.2.22.22/32
    leftid=@jserinki7
    authby=secret
    ike=aes256-sha2;modp2048
    phase2alg=aes256-sha2;modp2048
    auto=add
    type=tunnel
    right=A.B.C.D
    rightsubnet=1.1.1.1/32
    rightsourceip=1.1.1.1
    #rightid=@CCrouter
    ike-frag=yes
    ikev2=no
    pfs=yes

But on the above mentioned router, for libreswan to work I needed to change the isakmp profile to:

crypto isakmp profile LanToLan
   description Lan to lan profile for CORS set connections
   keyring hubspokes
   match identity address 0.0.0.0
   match identity host jserinki7

This works fine for my digi routers and libreswan but it breaks Windows L2TP tunnel negotiation. If I create another isakmp profile for windows 10 then I have two profiles with a PSK for IP 0.0.0.0 and things don't behave.
So, I'd like to figure out if I can remove the "match identity host jserinki7" in the cisco and make this work by adjusting some sort of libreswan settings.
Cheers,
John


