Hello Bill, a strongSwan log with plutodebug=all set in ipsec.conf would be helpful in the diagnosis of your problem.

Regards

Andreas

On 06/30/2010 04:38 AM, William Bloom wrote:
> I've configured a StrongSwan client in my lab with a 'conn' ipsec.conf
> section containing...
>
> ...
> left=%defaultroute
> left...@tunnelgroupsitea
> ...
>
> ...for establishment of a tunnel to a Cisco ASA. I've specified
> ikeversion=ikev1 and, for now, authby=psk.
>
> Soon after negotiation begins (a few IKE messages are exchanged), a
> message appears in the ASA log reporting that the incoming connection is
> for group '172.16.1.2' (my client's IP address) and the negotiation is
> then aborted since the tunnel group is named 'TunnelGroupSiteA' rather
> than '172.16.1.2'.
>
> My reading of the wiki page that describes the ipsec.conf 'conn' section
> is that the value of 'leftid' is, by default, taken to be the same as
> the value of 'left' but that a 'leftid' assignment in the 'conn' section
> will be used instead if specified.
>
> However, in this case, it appears that my 'leftid' specification is
> being ignored. Searching the web, I see that others have had success by
> creating a tunnel group on the ASA that has a name that is identical to
> the 'left' value (an IP address), but I do not have that flexibility
> since the production deployment will ultimately need to accommodate a
> large number of clients. The management overhead of configuring a
> tunnel for each would be unacceptable to the customer (and I wouldn't
> blame them, for that matter).
>
> One forum posting I saw claimed that I need to specify the hex value of
> the tunnel group name ala...
>
> left...@#<hexdigits>
>
> ...but this doesn't solve the problem. What's the correct solution for
> this? How do I get StrongSwan to use the 'leftid' value as the ASA
> tunnel group ID?
>
>
> Bill
> --
> William Bloom
> [email protected]

--
======================================================================
Andreas Steffen [email protected]
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
