[Swan] Problem connecting to a Cisco ASA
paul at nohats.ca
Wed Mar 10 03:16:26 UTC 2021
On Mon, 8 Mar 2021, Miguel Ponce Antolin wrote:
> I think we are facing issues with the IKE algorithms.
> The Cisco peer has the following configuration:
> - pfs group14
> - ikev2 ipsec-proposal AES256-SHA256
> - security-association lifetime seconds 28800
> So the libreswan side is configured in ipsec.d/vpn.conf with similar parameters, using the latest version from the yum repository, 3.25:
> conn vpn
Delete the lines with remote_peer_type, aggrmode, and encapsulation
Try using ike=aes256-sha2_256;dh14
> Mar 8 12:33:25.540325: | selected state microcode Initiator: process AUTHENTICATION_FAILED AUTH notification
It could also be that they are expecting a different leftid= than you think?
Despite them claiming pfs, you can try pfs=no as well to see if that
makes a difference.
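As an added example (not Paul's reply and not the original poster's file, which is cut off above), this is what the libreswan side could look like once the suggestions in this thread are applied and the quoted Cisco settings are mapped onto libreswan options. Addresses, subnets, the IDs and the PSK authentication are placeholders/assumptions; the ESP line is assumed to take the same proposal syntax as the ike= line.

```ini
# ipsec.d/vpn.conf -- constructed example for libreswan 3.25 talking to a Cisco ASA (IKEv2)
conn vpn
    # Force IKEv2; 3.25 uses "insist" (later releases spell this ikev2=yes)
    ikev2=insist
    # IKE SA proposal matching the ASA: AES-256, SHA-256 PRF/integrity, DH group 14
    ike=aes256-sha2_256;dh14
    # Child SA proposal; the ";dh14" part is what the ASA calls "pfs group14"
    esp=aes256-sha2_256;dh14
    pfs=yes
    # ASA "security-association lifetime seconds 28800" == 8h for the IPsec SA
    salifetime=8h
    ikelifetime=8h
    # Assumption: pre-shared key, stored in ipsec.d/*.secrets
    authby=secret
    # Placeholders -- leftid= must match exactly what the ASA expects (see the
    # AUTHENTICATION_FAILED hint above); by default it is the left= address
    left=192.0.2.10
    leftid=192.0.2.10
    leftsubnet=10.0.0.0/24
    right=198.51.100.20
    rightid=198.51.100.20
    rightsubnet=10.1.0.0/24
    auto=add
    # Deliberately absent: remote_peer_type=, aggrmode=, encapsulation=
```

If the tunnel still fails, the next things to toggle in this file are pfs=no (as suggested above) and leftid=, and then compare against the ASA debug output for the proposal and identity it actually receives.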