[strongSwan] Cisco IOS to SS using ikev2 and EC certs
Corey Hill
cohill at oceusnetworks.com
Tue Oct 15 22:53:41 CEST 2013
Has anyone got Cisco IOS working with SS 5.1.0 using ikev2 and EC certs? SS establishes the child_sa and adds the appropriate routes to the kernel routing table. Cisco appears to reject the last packet without much of an error message other than:
*Oct 9 00:58:40.630: IKEv2:Process delete IPSec API
*Oct 9 00:58:40.630: IKEv2:Failed to locate an item in the database
Which isn't much help. Cisco never gets out of in-neg when doing "show crypto ikev2 sa"
I have attached everything that should be relevant. This is a lab setup and I have access to both sides so I can try any suggestions anyone may have.
I appreciate any help anyone can give.
Thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131015/4a9f56fc/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cisco 819 failure ipsec.txt
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131015/4a9f56fc/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 819-to-ss-failure.txt
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131015/4a9f56fc/attachment-0001.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: charon.log
Type: application/octet-stream
Size: 31121 bytes
Desc: charon.log
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131015/4a9f56fc/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 2187 bytes
Desc: ipsec.conf
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131015/4a9f56fc/attachment-0001.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 819-config.txt
URL: <http://lists.strongswan.org/pipermail/users/attachments/20131015/4a9f56fc/attachment-0002.txt>
More information about the Users
mailing list