[strongSwan] Two problems with cisco and sonicwall.

Noel Kuntze noel at familie-kuntze.de
Tue Mar 21 13:58:39 CET 2017


On 21.03.2017 13:18, Jordi Casanellas wrote:
> My vpn is working only ping in cisco to strongswan, ping strongswan to cisco not working.
 
> conn evindustria
>         leftsourceip=10.200.1.1
That's invalid.
Remove leftsourceip.

>         esp=3des-sha1-modp1024
>         ike=3des-sha1-modp1024
Bad cipher suite. Upgrade that.

>         # This allows the VPN to come up automatically when openswan starts
>         auto=add

That's just wrong. "auto=add" only adds the configuration to charon, but doesn't do anything else with it.
It's neither initiated, nor used to install trap policies.
Configure "auto=route".

> Only the VPN works by pinging from the Cisco ASA to Strongswan

That's because you configured auto=add.

Please stop sending HTML formatted emails. Send plaintext instead. It's unnecessarily difficult to handle it.

-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658
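
A small linter for the three points raised in this reply, as an added example (not part of the original email and not strongSwan code): it parses the conn sections of an ipsec.conf and flags weak ike=/esp= proposals, auto=add, and a set leftsourceip. The WEAK_TOKENS list and the function names are assumptions of this example; SAMPLE is built from the lines quoted above.

```python
import re

# Proposal tokens this example treats as weak (assumption; extend per policy).
WEAK_TOKENS = {"des", "3des", "md5", "sha1", "modp768", "modp1024"}

# Constructed sample: the conn lines quoted in the email above.
SAMPLE = """\
conn evindustria
        leftsourceip=10.200.1.1
        esp=3des-sha1-modp1024
        ike=3des-sha1-modp1024
        # This allows the VPN to come up automatically when openswan starts
        auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every conn section in text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), {})
        elif raw[0].isspace() and current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
        else:
            current = None                        # other section, e.g. config setup
    return conns

def lint(text):
    """Return one finding string per issue, in ike, esp, auto, leftsourceip order."""
    findings = []
    for name, opts in parse_conns(text).items():
        for key in ("ike", "esp"):
            for proposal in opts.get(key, "").rstrip("!").split(","):
                weak = sorted(WEAK_TOKENS & set(proposal.strip().lower().split("-")))
                if weak:
                    findings.append(f"{name}: {key}={proposal.strip()} uses weak {', '.join(weak)}")
        if opts.get("auto") == "add":
            findings.append(f"{name}: auto=add only loads the conn; use auto=route for trap policies")
        if "leftsourceip" in opts:
            findings.append(f"{name}: leftsourceip is set; the reply above says to remove it")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Any replacement proposal has to be one the peer (here the Cisco ASA) is also configured to accept, otherwise negotiation fails.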

