[Swan] Connecting Libreswan to Cisco ASA

Bruno br.larini at gmail.com
Wed Mar 31 19:21:34 UTC 2021


Hello,
Just giving feedback on my issue, seems like the problem was on the remote
site after all.
Probably some ACL or other restriction inherited from some template on
their side, as suggested by Dmitry.
Before that I tried doing what Paul suggested but nothing had changed.
Maybe the checkbox close it disabled the peer ID validation altogether.

I tried asking precisely about the difference on their config, but they
just replied that they "started a new config from the ground".

Anyway, I thank you guys for the help!
Cheers.

On Mon, Mar 29, 2021 at 12:10, Dmitry Melekhov <dm at belkam.com>
wrote:

>
> 29.03.2021 17:49, Bruno wrote:
>
> Hi Dmitry.
> They sent me some screenshots of their side, but I don't think we can
> attach images here on the list, so I'll post the URLs:
>
> https://i.imgur.com/0UKU8i1.png
> https://i.imgur.com/UBrdJm0.png
> https://i.imgur.com/DlGqT0N.png
>
> I couldn't find any clue there. If needed I can try asking for a dump of
> the configuration from the remote site.
>
> Thanks for your help!
>
>
>
> Hello!
>
> I use the CLI for configuring IPsec on ASA, these screenshots are hard to
> read for me, although I tried and can't find what is wrong here.
>
>
> Log you provided shows that ASA complains about crypto map policy
>
> Group = A.A.A.A, IP = A.A.A.A, Skipping dynamic map
> SYSTEM_DEFAULT_CRYPTO_MAP sequence 65535: cannot match peerless map when
> peer found in previous map entry.
> IP = A.A.A.A, Received DPD VID
>
>
> I guess that the problem is somewhere else - ASA says there is no peer in
> crypto map, but there is config for this peer,
>
> maybe they tried to configure this connection, but did not completely
> remove it?
>
>
> Yes, it is better to get config in text.
>
>
> Thank you!
>
>
>
>
>