[strongSwan] Problem using asymmetric keys against Cisco IOS
John Serink
john_serink at trimble.com
Tue Dec 8 15:09:15 CET 2020
Hello:
Cisco debug is showing me this:
Dec 8 13:57:16.184: IKEv2:(SESSION ID = 93872,SA ID = 40):Stopping timer to wait for auth message
Dec 8 13:57:16.184: IKEv2:(SESSION ID = 93872,SA ID = 40):Checking NAT discovery
Dec 8 13:57:16.184: IKEv2:(SESSION ID = 93872,SA ID = 40):NAT OUTSIDE found
Dec 8 13:57:16.184: IKEv2:(SESSION ID = 93872,SA ID = 40):NAT detected float to init port 48448, resp port 4500
Dec 8 13:57:16.184: IKEv2:(SESSION ID = 93872,SA ID = 40):Searching policy based on peer's identity 'CORS89' of type 'FQDN'
Dec 8 13:57:16.185: IKEv2-ERROR:(SESSION ID = 93872,SA ID = 40):% key not found.
Dec 8 13:57:16.186: IKEv2-ERROR:(SESSION ID = 93872,SA ID = 40):: Failed to locate an item in the database
Dec 8 13:57:16.186: IKEv2:(SESSION ID = 93872,SA ID = 40):Verification of peer's authentication data FAILED
It identified my strongSwan client CORS89, but it thinks it's an FQDN rather than an ID.
In the ipsec.conf for leftid I used '@CORS89' and in the ipsec.secrets I also used @CORS89, so
why would the Cisco think it's an FQDN rather than just a key-id?
Cheers,
John
--
John Edward Serink
Product Applications Engineer,
Advanced Positioning
Trimble Navigation Singapore PTE Ltd.
3 Harbourfront Place,
#13-02 Harbourfrout Tower Two,
Co. Reg. No. 199204958W
Singapore 099254
Tel 65-6871-5878
Fax 65-6871-5879
DID 65-6871-5873
HP 65-9129-4250
Skype: johnserink