[Swan] direct connect ipsec tunnel

Craig Slist cslist74 at gmail.com
Thu Jan 20 22:19:13 EET 2022


I am using RHEL8 and libreswan to make a tunnel directly to a Cisco ASA.
Using a basic config, we are getting this error:
002 "mytunnel" #7: initiating Main Mode
104 "mytunnel" #7: STATE_MAIN_I1: initiate
003 "mytunnel" #7: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=12
003 "mytunnel" #7: received and ignored notification payload: NO_PROPOSAL_CHOSEN
010 "mytunnel" #7: STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
010 "mytunnel" #7: STATE_MAIN_I1: retransmission; will wait 1 seconds for response
010 "mytunnel" #7: STATE_MAIN_I1: retransmission; will wait 2 seconds for response
010 "mytunnel" #7: STATE_MAIN_I1: retransmission; will wait 4 seconds for response
config file:

config setup
   protostack=netkey
   plutodebug=all
   logfile=/var/log/pluto.log

conn mytunnel
   leftid=@cisco
   left=100.64.3.31
   rightid=@syslog
   right=100.64.3.30
   #cisco-unity=yes
   keyexchange=ike
   authby=secret
   # use auto=start when done testing the tunnel
   #remote_peer_type=cisco
   #ikelifetime=24h
   #salifetime=24h
   auto=add
   pfs=yes
   rekey=yes
   keyingtries=3
   type=tunnel
#   ike=aes-sha1
#   phase2alg=aes-sha1
#   ike=aes-sha1;modp2048
   ike=aes-sha1;dh14
#   phase2alg=aes-sha1;modp2048
   phase2alg=aes-sha1;dh14
   ikev2=never