[strongSwan] IDir does not match to
Andrew McDonald
andrew at mcdee.com.au
Wed Feb 6 04:49:48 CET 2013
Hey All
I'm trying to configure an IKEv1 net2net-psk tunnel between a Cisco 877
router and Amazon instance using StrongSwan 5.0.2.
I'm trying to find out why the SA is not coming up and it has something to
do with the following error message:
IDir '165.228.92.xx' does not match to '165.228.92.xx'
I don't know enough about IKE to try and troubleshoot this message or where
to begin looking to resolve it.
Here's the full output when I try start the connection using "ipsec up
syd1-sb":
initiating Main Mode IKE_SA syd1-sb[1] to 165.228.92.xx
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 10.0.0.11[500] to 165.228.92.xx[500] (156 bytes)
received packet: from 165.228.92.xx[500] to 10.0.0.11[500] (104 bytes)
parsed ID_PROT response 0 [ SA V ]
received NAT-T (RFC 3947) vendor ID
generating ID_PROT request 0 [ KE No NAT-D NAT-D ]
sending packet: from 10.0.0.11[500] to 165.228.92.xx[500] (244 bytes)
received packet: from 165.228.92.xx[500] to 10.0.0.11[500] (304 bytes)
parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]
local host is behind NAT, sending keep alives
generating ID_PROT request 0 [ ID HASH ]
sending packet: from 10.0.0.11[4500] to 165.228.92.xx[4500] (92 bytes)
received packet: from 165.228.92.xx[4500] to 10.0.0.11[4500] (76 bytes)
parsed ID_PROT response 0 [ ID HASH ]
IDir '165.228.92.xx' does not match to '165.228.92.xx'
deleting IKE_SA syd1-sb[1] between
10.0.0.11[syd1-vpn.domain]...165.228.92.xx[%any]
sending DELETE for IKE_SA syd1-sb[1]
generating INFORMATIONAL_V1 request 3330416634 [ HASH D ]
sending packet: from 10.0.0.11[4500] to 165.228.92.xx[4500] (92 bytes)
Regards
Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130206/ef4bd06e/attachment.html>
More information about the Users
mailing list