[strongSwan] IKEv2 StrongSwan to Cisco IOS 15.1 interop quirks: some 'attributes failed'
Martin Willi
martin at strongswan.org
Wed Oct 12 10:35:06 CEST 2011
Hi,
> Much to my pleasant surprise I was able to set up a RW connection to a
> Cisco IOS 15.1 headend using IKEv2. Kudos so the StrongSwan team!
That's good to hear!
> handling INTERNAL_IP4_NETMASK attribute failed
> handling INTERNAL_IP4_SUBNET attribute failed
> handling INTERNAL_IP4_SUBNET attribute failed
We don't interpret these attributes. Their purpose is not fully clear
from the standard.
The netmask could be used to define a broadcast domain, but we currently
don't send broadcasts over a "routed path".
The subnet attribute is superfluous, as the destination networks are
negotiated using traffic selectors. There are some theoretical uses of
this attribute discussed in RFC 5996 3.15.2, but we currently don't
handle it at all.
Best regards
Martin
More information about the Users
mailing list