[Swan] direct connect ipsec tunnel
Craig Slist
cslist74 at gmail.com
Thu Jan 20 22:19:13 EET 2022
I am using RHEL8 and libreswan to make a tunnel directly to a Cisco ASA.
Using a basic config, we are getting this error:

002 "mytunnel" #7: initiating Main Mode
104 "mytunnel" #7: STATE_MAIN_I1: initiate
003 "mytunnel" #7: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=12
003 "mytunnel" #7: received and ignored notification payload: NO_PROPOSAL_CHOSEN
010 "mytunnel" #7: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
010 "mytunnel" #7: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
010 "mytunnel" #7: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
010 "mytunnel" #7: STATE_MAIN_I1: retransmission; will wait 4 seconds for response

config file:

config setup
    protostack=netkey
    plutodebug=all
    logfile=/var/log/pluto.log

conn mytunnel
    leftid=@cisco
    left=100.64.3.31
    rightid=@syslog
    right=100.64.3.30
    #cisco-unity=yes
    keyexchange=ike
    authby=secret
    # use auto=start when done testing the tunnel
    #remote_peer_type=cisco
    #ikelifetime=24h
    #salifetime=24h
    auto=add
    pfs=yes
    rekey=yes
    keyingtries=3
    type=tunnel
    # ike=aes-sha1
    # phase2alg=aes-sha1
    # ike=aes-sha1;modp2048
    ike=aes-sha1;dh14
    # phase2alg=aes-sha1;modp2048
    phase2alg=aes-sha1;dh14
    ikev2=never