[Swan] Connecting Libreswan to Cisco ASA

Dmitry Melekhov dm at belkam.com
Mon Mar 29 15:10:44 UTC 2021

29.03.2021 17:49, Bruno пишет:
> Hi Dmitry.
> They sent me some screenshots of their side, but I don't think we can 
> attach images here on the list, so i'll post the urls:
> https://i.imgur.com/0UKU8i1.png <https://i.imgur.com/0UKU8i1.png>
> https://i.imgur.com/UBrdJm0.png <https://i.imgur.com/UBrdJm0.png>
> https://i.imgur.com/DlGqT0N.png <https://i.imgur.com/DlGqT0N.png>
> I couldn't find any clue there. If needed I can try asking for a dump 
> of the configuration from the remote site.
> Thanks for your help!

I use cli for configuring ipsec on ASA, these screenshots is hard to 
read for me, although I tried and can't find what is wrong here.

Log you provided shows that ASA complains about crypto map policy

Group = A.A.A.A, IP = A.A.A.A, Skipping dynamic map 
SYSTEM_DEFAULT_CRYPTO_MAP sequence 65535: cannot match peerless map when 
peer found in previous map entry.
IP = A.A.A.A, Received DPD VID

I guess that problem is somewhere else- asa says there is no peer in 
crypto map, but there is config for this peer,

may be they tried to configure this connection, but not completely 
removed it?

Yes, it is better to get config in text.

Thank you!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20210329/66bd519f/attachment-0001.html>

More information about the Swan mailing list