[Swan] Problem configuring connection with Cisco ASA in HA

Miguel Ponce Antolin mponce at paradigmadigital.com
Wed Sep 8 07:11:46 UTC 2021


Hi all,

We are facing this problem; maybe there is some advice you could give us.

We are configuring two libreswan (v4.4) instances which are going to be the
main and backup endpoints for a Cisco ASA.

The connection works well when the libreswan endpoint configured as main
has ipsec running, but when we test stopping ipsec on this main instance, the
backup instance does not complete the authentication process.

We have switched both instances on the Cisco configuration side, but the
instance configured as main always works as expected, while the backup
does not. The backup instance has been rebooted, the ipsec service has been
restarted, and we even tried switching off the main instance to avoid the
possibility of some blocked connection.

This is the error that appears in the pluto log:

Sep  7 10:53:27.711642: | processing payload: ISAKMP_NEXT_v2N (len=0)
Sep  7 10:53:27.711657: | error notification v2N_NO_PROPOSAL_CHOSEN is not supported
Sep  7 10:53:27.711694: | selected state microcode roof
Sep  7 10:53:27.711706: "vpn/1x1" #4: dropping unexpected IKE_AUTH message containing NO_PROPOSAL_CHOSEN notification; message payloads: SK; encrypted payloads: IDr,AUTH,N,V; unexpected payloads: IDr,AUTH
Sep  7 10:53:27.711716: | #4 complete_v2_state_transition() PARENT_I2->ESTABLISHED_CHILD_SA with status STF_FATAL; md.svm=NULL
Sep  7 10:53:27.711722: "vpn/1x1" #4: encountered fatal error in state STATE_PARENT_I2
Sep  7 10:53:27.711726: | Message ID: forcing a response received update


I hope this is enough information, thanks in advance!

Kind regards

-- 

*Miguel Ponce Antolín.*
Sistemas    ·    +34 670 360 655