<div dir="ltr"><div>hello all , </div><div><br clear="all"><p style="color:rgb(54,0,12);font-family:Verdana,sans-serif;background-color:rgb(255,255,221)">my configuration in strong swan is</p><p style="color:rgb(54,0,12);font-family:Verdana,sans-serif;background-color:rgb(255,255,221)">config setup # strictcrlpolicy=yes # uniqueids = no</p><p style="color:rgb(54,0,12);font-family:Verdana,sans-serif;background-color:rgb(255,255,221)">conn %default<br>ikelifetime=86400s<br>keylife=36000s<br>rekeymargin=3m<br>keyingtries=1<br>keyexchange=ikev2<br>authby=secret<br>mobike=no</p><p style="color:rgb(54,0,12);font-family:Verdana,sans-serif;background-color:rgb(255,255,221)">conn ciscoios<br>left=@IP STRONGSWAN<br>leftsubnet=<a href="http://172.16.1.0/24" target="_blank"><font color="#0066cc">172.16.1.0/24</font></a><br>leftid=@IPSTONGSWAN<br>leftfirewall=yes<br>right=IP ASA<br>rightsubnet=IP PRIVE<br>rightid=IP ASA<br>pfs=yes<br>auto=add<br>ike=aes256-sha512-modp1536<br>esp=aes256-sha1<br>keyexchange=ikev2</p><p style="color:rgb(54,0,12);font-family:Verdana,sans-serif;background-color:rgb(255,255,221)">include /var/lib/strongswan/ipsec.conf.inc</p><p style="color:rgb(54,0,12);font-family:Verdana,sans-serif;background-color:rgb(255,255,221)">error is : <br>initiating IKE_SA ciscoios^{<a style="color:rgb(138,0,32);font-weight:bold;text-decoration:none" href="https://wiki.strongswan.org/issues/1136#fn5" target="_blank"><font size="2">5</font></a>} to @IP ASA<br>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<br>sending packet: from @IPSTRONGSWAN^{<a style="color:rgb(138,0,32);font-weight:bold;text-decoration:none" href="https://wiki.strongswan.org/issues/1136#fn500" target="_blank"><font size="2">500</font></a>} to @IP ASA^{<a style="color:rgb(138,0,32);font-weight:bold;text-decoration:none" href="https://wiki.strongswan.org/issues/1136#fn500" target="_blank"><font size="2">500</font></a>}<br>received packet: from @IP ASA [500] to @IP STRONG^{<a style="color:rgb(138,0,32);font-weight:bold;text-decoration:none" href="https://wiki.strongswan.org/issues/1136#fn500" target="_blank"><font size="2">500</font></a>}<br>parsed IKE_SA_INIT response 0 [ SA KE No V V V N(NATD_S_IP) N(NATD_D_IP) V ]<br>received unknown vendor id: 43:49:53:43:4f:2d:44:45:4c:45:54:45:2d:52:45:41:53:4 f:4e<br>received unknown vendor id: 43:49:53:43:4f:28:43:4f:50:59:52:49:47:48:54:29:26:4 3:6f:70:79:72:69:67:68:74:20:28:63:29:20:32:30:30:39:20:43:69:73:63:6f:20:53:79: 73:74:65:6d:73:2c:20:49:6e:63:2e<br>received unknown vendor id: 43:49:53:43:4f:2d:47:52:45:2d:4d:4f:44:45:02<br>received unknown vendor id: 40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3<br>remote host is behind NAT<br>authentication of '178.32.180.245' (myself) with pre-shared key<br>establishing CHILD_SA ciscoios<br>generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ON LY) ]<br>sending packet: from @IPSTRONG^{<a style="color:rgb(138,0,32);font-weight:bold;text-decoration:none" href="https://wiki.strongswan.org/issues/1136#fn4500" target="_blank"><font size="2">4500</font></a>} to ASA [4500]<br>received packet: from ASA [4500] to STRONG [4500]<br>parsed IKE_AUTH response 1 [ V IDr AUTH N(NO_PROP) ]<br>authentication of '192.168.255.1' with pre-shared key successful<br>constraint check failed: identity @IP ASA required<br>selected peer config 'ciscoios' inacceptable<br></p><div><span style="color:rgb(54,0,12);font-family:Verdana,sans-serif;background-color:rgb(255,255,221)">no alternative config found</span><br>-- <br></div></div><div class="gmail_signature"><div>- VMware Certified Professional 5 – Data Center Virtualization (VCP5-DCV)</div><div>- Ingénieur Microsoft  </div><div>- Ingénieur CISCO</div><div>- Administrateur Linux Senior </div></div>
</div>