<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:10pt"><div>Hello,</div><div><br></div><div>I am trying to interoperate Strongswan, (open source IPSec client) with ASA.</div><div>However I am getting the following error for the CHILD_SA establishment.</div><div>I am using pre-shared key for authentication. I have tried all possible combination for encryption/hash/DH group</div><div>Any pointers appreciated. <span style="color: rgb(34, 34, 34); font-family: arial, sans-serif;"> </span></div><div><div><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif;"><br></span></div><div><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif;">ASA console</span></div><div>---------------------------</div><div><br></div><div>ccc-sw-asa# IKEv2-PROTO-1: (1027): Failed to find a matching policy</div><div>IKEv2-PROTO-1: (1027):
Received Policies: </div><div>ESP: Proposal 1: 3DES SHA96 </div><div><br></div><div>ESP: Proposal 2: AES-CBC-128 AES-CBC-192 AES-CBC-256 3DES BLOWFISH SHA96 AES XCBC 96 MD596 </div><div><br></div><div>IKEv2-PROTO-1: (1027): Failed to find a matching policy</div><div>IKEv2-PROTO-1: (1027): Expected Policies: </div><div>IKEv2-PROTO-1: (1027): Failed to find a matching policy</div><div>IKEv2-PROTO-1: (1027): </div></div><div><br></div><div><div style="font-family: Helvetica; font-size: medium; orphans: 2; text-align: -webkit-auto; widows: 2;"><font color="#222222" face="arial, sans-serif"><span style="font-size: 13px; ">Strongswan console:</span></font></div><div style="font-family: Helvetica; font-size: medium; orphans: 2; text-align: -webkit-auto; widows: 2;"><font color="#222222" face="arial, sans-serif"><span style="font-size: 13px; ">------------------------------</span></font></div><div style="font-family:
Helvetica; font-size: medium; orphans: 2; text-align: -webkit-auto; widows: 2;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">initiating IKE_SA lma[2] to 173.36.208.117</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">sending packet: from 74.61.156.175[500] to 173.36.208.117[500] (504 bytes)</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">received packet: from 173.36.208.117[500] to 74.61.156.175[500] (358
bytes)</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">parsed IKE_SA_INIT response 0 [ SA KE No V V N(NATD_S_IP) N(NATD_D_IP) V ]</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">received unknown vendor ID: 43:49:53:43:4f:2d:44:45:4c:45:</span><wbr style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">54:45:2d:52:45:41:53:4f:4e</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">received unknown vendor ID: 43:49:53:43:4f:28:43:4f:50:59:</span><wbr style="color:
rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">52:49:47:48:54:29:26:43:6f:70:</span><wbr style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">79:72:69:67:68:74:20:28:63:29:</span><wbr style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">20:32:30:30:39:20:43:69:73:63:</span><wbr style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">6f:20:53:79:73:74:65:6d:73:2c:</span><wbr style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial,
sans-serif; font-size: 13px;">e</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">received unknown vendor ID: 40:48:b7:d5:6e:bc:e8:85:25:e7:</span><wbr style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">de:7f:00:d6:c2:d3</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">authentication of '74.61.156.175' (myself) with pre-shared key</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">establishing CHILD_SA lma</span><br style="color: rgb(34, 34, 34); font-family:
arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(EAP_ONLY) ]</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">sending packet: from 74.61.156.175[4500] to 173.36.208.117[4500] (332 bytes)</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">received packet: from 173.36.208.117[4500] to 74.61.156.175[4500] (124 bytes)</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">parsed IKE_AUTH response 1 [ V IDr AUTH
N(NO_PROP) ]</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">authentication of '173.36.208.117' with pre-shared key successful</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">IKE_SA lma[2] established between 74.61.156.175[74.61.156.175]..</span><wbr style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">.173.36.208.117[173.36.208.</span><wbr style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">117]</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif;
font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">scheduling reauthentication in 86193s</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">maximum IKE_SA lifetime 86373s</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">received NO_PROPOSAL_CHOSEN notify, no CHILD_SA built</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">failed to establish CHILD_SA, keeping IKE_SA</span><br style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif;
font-size: 13px;">establishing connection 'lma' failed</span></div><div style="font-family: Helvetica; font-size: medium; orphans: 2; text-align: -webkit-auto; widows: 2;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><br></span></div><div style="font-family: Helvetica; font-size: medium; orphans: 2; text-align: -webkit-auto; widows: 2;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">Thanks,</span></div><div style="font-family: Helvetica; font-size: medium; orphans: 2; text-align: -webkit-auto; widows: 2;"><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;">Murti</span></div></div><div><span style="color: rgb(34, 34, 34); font-family: arial, sans-serif; font-size: 13px;"><br></span></div></div></body></html>