Hello Alexander, Thank you for your help.
The problem is that I do not have any access to the Cisco configurations. 2015-04-07 19:10 GMT+02:00 Alexander Salmin <[email protected]>: > Hey, > > Based on my experience you could try three things: > - Provide us with the Cisco configuration on that side. > - Use packet-tracer from the cisco device, it's really helpful in these > situations. > - Verify every little bit of configuration on both sides so that they are > exactly the same. > > Alexander Salmin > > > On 2015-04-07 16:28:00, jean-yves boisiaud wrote: > > hello, > > > > I'm using IPSec with OpenBSD. > > > > I cannot connect with some Cisco appliances, a Cisco Asa and a Cisco > 2951. > > > > For these two Cisco gw, I can see in the log the same messages : > > > > Apr 7 16:10:00 billy isakmpd[31908]: isakmpd: phase 1 done: initiator id > > X, responder id Y, src: X dst: Y > > Apr 7 16:10:00 billy isakmpd[31908]: isakmpd: Peer Y made us delete live > > SA peer-Y-local-X for proto 1, initiator id: X, responder id: Y > > > > As the remote IT engineers wanted me to enable DPD, I changed the ipsec > > configuration from active to dynamic, but nothing changes. > > > > Is there something wrong in my configuration ? > > > > ike dynamic esp from 192.168.36.0/24 to 10.0.0.0/8 \ > > local X peer Y \ > > main auth hmac-md5 enc 3des group grp2 lifetime 28800 \ > > quick auth hmac-sha1 enc 3des group grp2 lifetime 28800 \ > > srcid "X" dstid "Y" \ > > psk "z" > > > > -- > > Jean-Yves Boisiaud - Alcor Consulting > > 24, rue de la Glycine > > 49250 Saint Remy la Varenne > > mobile : +33 6 63 71 73 46 fixe : +33 9 72 41 19 35 > -- Jean-Yves Boisiaud - Alcor Consulting 24, rue de la Glycine 49250 Saint Remy la Varenne mobile : +33 6 63 71 73 46 fixe : +33 9 72 41 19 35
