[strongSwan] strongSwan 4.2.4 with Cisco VPN Concentrator 3000
Ralph
ml+strongswan-user at dynaperl.de
Fri Jun 11 11:36:30 CEST 2010
Hello
I have a strange phenomenon when connecting strongSwan 4.2.4 with a Cisco
VPN Concentrator 3000.
The connection description on the strongSwan side is:
> conn gw-cisco
>     authby=secret
>     ike=aes128-sha-modp1024
>     esp=aes128-sha1
>     pfs=no
>     #
>     ikelifetime=86400s
>     keylife=8h
>     #
>     left=<strongSwan-ip>
>     leftsubnet=192.168.144.0/23
>     #
>     right=<cisco-ip>
>     rightsubnet=10.10.10.0/24
>     auto=add
The Cisco system has the OS version 4.7.2.H Jun 29 2006.
After initiating the tunnel from the strongSwan side I get the following
error message in phase 2 (Quick Mode) (plutodebug="crypt parsing
emitting control klips private").
> Jun 11 09:26:23 gw pluto[25355]: | our client is subnet 192.0.0.0/18446744073709551615
> Jun 11 09:26:23 gw pluto[25355]: | our client protocol/port is 0/0
> Jun 11 09:26:23 gw pluto[25355]: "gw-cisco" #2: our client ID returned doesn't match my proposal
> Jun 11 09:26:23 gw pluto[25355]: "gw-cisco" #2: sending encrypted notification INVALID_ID_INFORMATION to <cisco-ip>:500
My understanding is that the other side (the Cisco router) returned the
wrong address 192.0.0.0/18446744073709551615 to me and I respond with
INVALID_ID_INFORMATION. Is this correct?
After changing the local subnet to 192.168.145.0/24 the tunnel is
established successfully.
> Jun 11 10:50:23 gw pluto[26339]: | our client is subnet 192.168.145.0/24
> Jun 11 10:50:23 gw pluto[26339]: | our client protocol/port is 0/0
> Jun 11 10:50:23 gw pluto[26339]: | peer client is subnet 10.10.10.0/24
> Jun 11 10:50:23 gw pluto[26339]: | peer client protocol/port is 0/0
Does anybody have a suggestion as to what the problem is?
regards
ralph
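
An added example, not part of the original message: a small check over pluto debug output that classifies each "client is subnet" line from Quick Mode. The prefix 18446744073709551615 in the failing log is 2^64 - 1, which is how -1 appears when printed as an unsigned 64-bit integer, so the script reports it separately from an ordinary subnet mismatch. The `EXPECTED` table and the function name are assumptions made for this sketch; the log lines are the ones quoted above.

```python
import ipaddress
import re

# Constructed sample: Quick Mode lines copied from the message above.
SAMPLE_LOG = """\
Jun 11 09:26:23 gw pluto[25355]: | our client is subnet 192.0.0.0/18446744073709551615
Jun 11 09:26:23 gw pluto[25355]: | our client protocol/port is 0/0
Jun 11 09:26:23 gw pluto[25355]: "gw-cisco" #2: our client ID returned doesn't match my proposal
Jun 11 10:50:23 gw pluto[26339]: | our client is subnet 192.168.145.0/24
Jun 11 10:50:23 gw pluto[26339]: | peer client is subnet 10.10.10.0/24
"""

# Assumption: subnets configured locally across the two attempts in the message.
EXPECTED = {
    "our": [ipaddress.ip_network("192.168.144.0/23"),
            ipaddress.ip_network("192.168.145.0/24")],
    "peer": [ipaddress.ip_network("10.10.10.0/24")],
}
CLIENT_RE = re.compile(r"\| (our|peer) client is subnet (\S+)/(\d+)\s*$")

def check_client_ids(log_text, expected):
    """Return (side, raw_subnet, verdict) for every client ID line in the log."""
    findings = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue
        side, addr, prefix = m.group(1), m.group(2), int(m.group(3))
        raw = f"{addr}/{prefix}"
        if prefix == 2**64 - 1:
            # -1 rendered as unsigned 64-bit: no valid prefix length was derived
            verdict = "invalid-mask"
        elif prefix > 32:
            verdict = "invalid-prefix"
        else:
            try:
                net = ipaddress.ip_network(raw, strict=True)
            except ValueError:
                verdict = "host-bits-set"  # address not aligned to its prefix
            else:
                verdict = "ok" if net in expected[side] else "mismatch"
        findings.append((side, raw, verdict))
    return findings

if __name__ == "__main__":
    for finding in check_client_ids(SAMPLE_LOG, EXPECTED):
        print(*finding)
```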