[strongSwan-dev] Problem with Peer ID same
Jordi Casanellas
jcasanellas at solventait.com
Thu May 25 18:52:47 CEST 2017
Hello,
I have a problem with 3 site-to-site IPsec VPN connections with a Cisco
ASA.
The problem I have is that the client has a virtual vpbox with Movistar.
In the 3 VPNs, the "rightid" used to sign is the same.
So, to be able to bring up the VPN, I need to sign with a different IP than
the one assigned.
Currently I have it working this way from the Cisco to the provider
"Gigas".
But I want to pass it on to strongSwan.
The configuration file file.conf contains the following:
---START CONFIG ---
config setup

conn client
    left=81.29.122.250
    leftsubnet=192.168.100.0/24
    leftid=81.29.122.250
    right=86.45.281.11
    rightid=217.124.116.61
    rightsubnet=192.168.202.0/24
    #Encryption
    keyingtries=0
    esp=3des-sha1-modp1024
    ike=3des-sha1-modp1024
    authby=secret
    keyexchange=ikev1
    rekey=no
    #lifetime
    ikelifetime=60s
    lifetime=8h
    auto=route
----- END CONFIG ----
I tested with rightid=%any and it is not working.
I tested with rightid the same as the right parameter; it is working, but
traffic does not work and the tunnel is not up.
I found this plugin, duplicheck:
https://wiki.strongswan.org/projects/strongswan/wiki/Duplicheck#Behavior
But I need to sign the VPN with another IP.
----ERROR Syslog ---
May 25 18:36:22 CL2017032010001 charon: 10[ENC] parsed INFORMATIONAL_V1 request 2895156184 [ HASH N((24576)) ]
May 25 18:36:22 CL2017032010001 charon: 10[IKE] received (24576) notify
May 25 18:36:22 CL2017032010001 charon: 11[NET] received packet: from xx.xx.xxx.xx[4500] to xx.xx.xx.xx[4500] (356 bytes)
May 25 18:36:22 CL2017032010001 charon: 11[ENC] parsed INFORMATIONAL_V1 request 1735012586 [ HASH N(INVAL_ID) ]
May 25 18:36:22 CL2017032010001 charon: 11[IKE] received INVALID_ID_INFORMATION error notify
--ERROR Syslog ---
Thank you very much.