[strongSwan] Strongswan with ios problems
mohammad Naimi
naimi.92 at gmail.com
Mon Oct 7 15:10:10 CEST 2013
To whom it may concern,
I've installed strongSwan for iOS on a server and have deployed its
snapshot to another server. The problem is that my clients can't connect
to one of them. I traced the logging process using "ipsec start --nofork
--debug-all":
13[IKE] received NAT-T (RFC 3947) vendor ID
13[IKE] received draft-ietf-ipsec-nat-t-ike vendor ID
13[IKE] received draft-ietf-ipsec-nat-t-ike-08 vendor ID
13[IKE] received draft-ietf-ipsec-nat-t-ike-07 vendor ID
13[IKE] received draft-ietf-ipsec-nat-t-ike-06 vendor ID
13[IKE] received draft-ietf-ipsec-nat-t-ike-05 vendor ID
13[IKE] received draft-ietf-ipsec-nat-t-ike-04 vendor ID
13[IKE] received draft-ietf-ipsec-nat-t-ike-03 vendor ID
13[IKE] received draft-ietf-ipsec-nat-t-ike-02 vendor ID
13[IKE] received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
13[IKE] received XAuth vendor ID
13[IKE] received Cisco Unity vendor ID
13[IKE] received DPD vendor ID
13[IKE] 217.218.83.90 is initiating a Main Mode IKE_SA
13[ENC] generating ID_PROT response 0 [ SA V V V ]
13[NET] sending packet: from 37.123.118.145[500] to 217.218.83.90[500] (136 bytes)
14[NET] received packet: from 217.218.83.90[500] to 37.123.118.145[500] (292 bytes)
14[ENC] parsed ID_PROT request 0 [ KE No NAT-D NAT-D ]
14[IKE] remote host is behind NAT
14[IKE] sending cert request for "C=US, O=VPNINTOUCH, CN=VPNINTOUCH CA"
14[ENC] generating ID_PROT response 0 [ KE No CERTREQ NAT-D NAT-D ]
14[NET] sending packet: from 37.123.118.145[500] to 217.218.83.90[500] (373 bytes)
06[JOB] deleting half open IKE_SA after timeout
And this is my ipsec.conf:
config setup
    # strictcrlpolicy=yes
    # uniqueids = no
    plutostart=yes
    nat_traversal=yes

# Add connections here.

# Sample VPN connections

conn ios
    keyexchange=ikev1
    authby=xauthrsasig
    xauth=server
    rightauth2=xauth-radius
    rightauth=pubkey
    left=%defaultroute
    eap_identity=110
    leftsubnet=0.0.0.0/0
    leftcert=serverCert.pem
    leftupdown="ipsec _updown"
    right=%any
    rightsubnet=10.0.0.0/24
    rightsourceip=10.0.0.0/24
    rightcert=clientCert.pem
    pfs=no
    rekey=no
    auto=add
    fragmentation=yes
    type=tunnel
    mediation=yes
Could you please help?
Regards,