[strongSwan] Cannot do IKEv1/PSK Main Mode in Cisco ASA 5510

Neeraj Sharma kaju09 at live.in
Fri Sep 28 13:28:53 CEST 2012


# ipsec.conf

config setup
    charondebug="dmn 1"

conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev1
  aggressive=no
  type=tunnel
  dpdaction=clear
  dpddelay=60s


conn home
  left=%defaultroute
  xauth_identity=user
  leftid=@CiscoPSKCxnProfile
  xauth = client
  leftsourceip = %config
  leftauth=psk
  leftauth2=xauth
  leftfirewall=no
  right=111.222.333.444
  rightsubnet=192.168.0.0/16
  rightauth=psk
  ike=aes-sha-modp1024
  esp=aes-sha1-modp1024
  auto=start


# the ipsec.secrets has the corresponding PSK and password for user

Do let me know if you see any issues?

-Neeraj

Subject: Re: [strongSwan] Cannot do IKEv1/PSK Main Mode in Cisco ASA 5510
From: edk at cendatsys.com
Date: Thu, 27 Sep 2012 08:53:40 -0500
To: kaju09 at live.in; users at lists.strongswan.org

I just went through this same problem -- still struggling with routing but seem to have the connection.



What's the Cisco config and your ipsec.conf?

Neeraj Sharma <kaju09 at live.in> wrote:



I tried doing this a couple of times and did succeed with configuring a StrongSwan client connecting to a Cisco ASA 5510 in IKEv1/PSK Main Mode. What works at present is the IKEv1/PSK Aggressive mode.
 
I am no Cisco expert, so it's possible (pointed by endre that it works as well over freenode #strongswan) that I am missing a Cisco ASA config. Any pointers (doc, etc) will be of great help.
 
Thanks,
Neeraj
            


-- 

Sent from my Android phone with K-9 Mail. Please excuse my brevity. 		 	   		  