[Swan] direct connect ipsec tunnel
Paul Wouters
paul at nohats.ca
Fri Jan 21 23:27:33 EET 2022
On Thu, 20 Jan 2022, Craig Slist wrote:
> Subject: [Swan] direct connect ipsec tunnel
>
> I am using RHEL8 and libreswan to make a tunnel directly to a cisco asa.
> using a basic config we are getting this error
> 002 "mytunnel" #7: initiating Main Mode
> 104 "mytunnel" #7: STATE_MAIN_I1: initiate
> 003 "mytunnel" #7: ignoring informational payload NO_PROPOSAL_CHOSEN, msgid=00000000, length=12
This means your configurations don't match up. It is hard for us to help
you as we don't know what your cisco end wants you to use.
Some possible mismatching options are:
- IKEv1 vs IKEv2 (ikev2=yes|no)
- IKEv1 Aggressive Mode vs IKEv1 Main Mode (aggressive=yes|no)
- IKE/phase1 crypto ciphers mismatch (ike= option in libreswan)
- Perfect Forward Secrecy setting (pfs=yes|no)
- If IKEv1 Aggressive Mode, a mismatched client ID could cause this
Paul
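
The checklist in the reply above, as an added example that is not part of the original post or of libreswan: a small Python audit that reads one `conn` section and reports which of the listed options are set explicitly and which fall back to the libreswan default, so each can be compared with the Cisco side. The sample configuration, its addresses, IDs and cipher string are constructed, and the function names are hypothetical.

```python
# Options the reply names as possible sources of NO_PROPOSAL_CHOSEN.
NEGOTIATION_KEYS = ("ikev2", "aggressive", "ike", "pfs")
ID_KEYS = ("leftid", "rightid")  # only matter in IKEv1 Aggressive Mode

# Constructed sample, not the poster's real configuration.
SAMPLE_CONF = """\
conn mytunnel
    left=192.0.2.10
    right=198.51.100.20
    authby=secret
    ikev2=no
    aggressive=yes
    ike=aes256-sha1;modp1536
    leftid=@rhel8.example.test
    auto=start
"""

def parse_conn(text, name):
    """Return the key=value options of 'conn <name>' as a dict."""
    opts, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():  # unindented line starts a new section
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def checklist(opts):
    """List what has to be compared with the peer, one finding per entry."""
    findings = []
    for key in NEGOTIATION_KEYS:
        if key in opts:
            findings.append(f"{key}={opts[key]}: confirm the peer uses the same")
        else:
            findings.append(f"{key} not set: libreswan default applies, check peer")
    if opts.get("aggressive") == "yes":
        for key in ID_KEYS:
            if key not in opts:
                findings.append(f"{key} not set: Aggressive Mode ID may mismatch")
    return findings

if __name__ == "__main__":
    for item in checklist(parse_conn(SAMPLE_CONF, "mytunnel")):
        print(item)
```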