Hi Rod,
no, strongSwan hasn't been tested with Cisco load balancing and
does not recognize the 40501 notification. Probably Cisco wants
to redirect the IPsec SA to an alternative VPN gateway.
Best regards
Andreas
rriver...@verizon.net wrote:
Hi,
This is my first post to this forum. I would like to thank everyone that has
worked on this project. I have been using strongSwan in a road warrior
configuration to connect to Cisco routers. I have been able to do this with
several customers but recently when I tried to connect to a new customer I
received a 40501 Notification message. After doing some research on the
Internet I found the following email indicating that this notification
relates to Cisco load balancing:
http://sourceforge.net/mailarchive/forum.php?thread_name=alpine.lfd.2.00.0901271415230.2...@oynqr.eqh.erqung.pbzforum_name=ipsec-tools-devel
Has strongSwan been tested with Cisco load balancing? Has anyone else run
into this problem?
I found a workaround to the problem by connecting to the last server in the
load balancing cluster, which does not return the 40501 notification, and the
connection works fine. This will do for my initial testing, but without
support for load balancing I will not be able to use strongSwan. The output
from the failed connection follows:
# ipsec up test
002 test #1: initiating Main Mode
104 test #1: STATE_MAIN_I1: initiate
003 test #1: ignoring Vendor ID payload [FRAGMENTATION c000]
106 test #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 test #1: ignoring Vendor ID payload [Cisco-Unity]
003 test #1: received Vendor ID payload [XAUTH]
003 test #1: ignoring Vendor ID payload [79d4400d1135dfa224392efd403473aa]
003 test #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
108 test #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 test #1: received Vendor ID payload [Dead Peer Detection]
002 test #1: Peer ID is ID_FQDN: '@test.localdomain'
002 test #1: ISAKMP SA established
004 test #1: STATE_MAIN_I4: ISAKMP SA established
003 test #1: Notify Message Type of ISAKMP Notification Payload has an unknown value: 40501
003 test #1: malformed payload in packet
Thanks,
Rod
==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution! www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users