[strongSwan] Notification message 40501 connecting to Cisco router

2009-06-09 Thread rrivers_2
Hi,
 
This is my first post to this forum.  I would like to thank everyone that has 
worked on this project.  I have been using strongSwan in a road warrior 
configuration to connect to Cisco routers.  I have been able to do this with 
several customers but recently when I tried to connect to a new customer I 
received a 40501 Notification message.  After doing some research on the 
Internet I found the following email indicating that this notification relates 
to Cisco load balancing:
http://sourceforge.net/mailarchive/forum.php?thread_name=alpine.lfd.2.00.0901271415230.2...@oynqr.eqh.erqung.pbzforum_name=ipsec-tools-devel
 
Has strongSwan been tested with Cisco load balancing?  Has anyone else run into 
this problem?
 
I found a workaround to the problem by connecting to the last server in the 
load balancing cluster, which does not return the 40501 notification, and the 
connection works fine.  This will do for my initial testing but without 
support for load balancing I will not be able to use strongSwan.  The output 
from the failed connection follows:
 
# ipsec up test
002 test #1: initiating Main Mode
104 test #1: STATE_MAIN_I1: initiate
003 test #1: ignoring Vendor ID payload [FRAGMENTATION c000]
106 test #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 test #1: ignoring Vendor ID payload [Cisco-Unity]
003 test #1: received Vendor ID payload [XAUTH]
003 test #1: ignoring Vendor ID payload [79d4400d1135dfa224392efd403473aa]
003 test #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
108 test #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 test #1: received Vendor ID payload [Dead Peer Detection]
002 test #1: Peer ID is ID_FQDN: '@test.localdomain'
002 test #1: ISAKMP SA established
004 test #1: STATE_MAIN_I4: ISAKMP SA established
003 test #1: Notify Message Type of ISAKMP Notification Payload has an unknown value: 40501
003 test #1: malformed payload in packet

 
Thanks,
 
Rod
 
___
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users


Re: [strongSwan] Notification message 40501 connecting to Cisco router

2009-06-09 Thread Andreas Steffen
Hi Rod,

no, strongSwan hasn't been tested with Cisco load balancing and
does not recognize the 40501 notification. Probably Cisco wants
to redirect the IPsec SA to an alternative VPN gateway.

Best regards

Andreas


==
Andreas Steffen andreas.stef...@strongswan.org
strongSwan - the Linux VPN Solution!    www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===[ITA-HSR]==
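
Added example, not part of the original thread and not strongSwan code: a small log check that pulls unknown Notify Message Types out of status output in the format posted above and places each value in the ranges listed in RFC 2408, section 3.14.1. The function names are hypothetical and the sample is built from the lines in the thread; 40501 lands in the private-use status range.

```python
import re

# Notify Message Type ranges as listed in RFC 2408, section 3.14.1.
RANGES = [
    (1, 30, "error: defined in RFC 2408"),
    (31, 8191, "error: reserved for future use"),
    (8192, 16383, "error: private use"),
    (16384, 16384, "status: CONNECTED"),
    (16385, 24575, "status: reserved for future use"),
    (24576, 32767, "status: DOI-specific"),
    (32768, 40959, "status: private use"),
    (40960, 65535, "status: reserved for future use"),
]
# Status line layout as it appears in the thread: "NNN <conn> #<instance>: <text>"
LINE = re.compile(r"^(\d{3}) (\S+) #(\d+): (.*)$")
UNKNOWN = re.compile(r"Notification Payload has an unknown value: (\d+)")

def classify(notify_type):
    """Return the RFC 2408 range a Notify Message Type falls into."""
    for low, high, label in RANGES:
        if low <= notify_type <= high:
            return label
    return "unassigned"

def unwrap(text):
    """Rejoin lines a mail client wrapped; continuations lack the NNN prefix."""
    lines = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if LINE.match(line) or not lines:
            lines.append(line)
        else:
            lines[-1] += " " + line
    return lines

def unknown_notifies(text):
    """List (connection, instance, type, range) for each unknown notify."""
    hits = []
    for line in unwrap(text):
        m = LINE.match(line)
        u = UNKNOWN.search(m.group(4)) if m else None
        if u:
            hits.append((m.group(2), int(m.group(3)), int(u.group(1)),
                         classify(int(u.group(1)))))
    return hits

# Constructed sample: the last lines of the output posted in the thread,
# wrapped the way the mail client wrapped them.
SAMPLE = """004 test #1: STATE_MAIN_I4: ISAKMP SA established
003 test #1: Notify Message Type of ISAKMP Notification Payload has an
unknown value: 40501
003 test #1: malformed payload in packet"""
```

Calling `unknown_notifies(SAMPLE)` returns one entry for connection `test`, instance 1, type 40501.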

