Re: IKEv2: CHILD_SA is not created

2021-05-21 Thread Денис Давыдов
s is not a problem because it handles multiple > SAs per CHILD SA, but other implementation this can be a problem. > > > > > > > Денис Давыдов wrote (date: May 21, 2021, Fri, > 10:02): > >> It turns out that the Cisco ASA has a bug CSCue42170 with

Re: IKEv2: CHILD_SA is not created

2021-05-21 Thread Денис Давыдов
(7.13), 9.4(3.6) On Wed, May 12, 2021 at 7:44 PM Денис Давыдов wrote: > Finally solved! Tried TS one after another. To put it mildly, I'm > surprised. It turns out that the equipment on the remote side is configured > in such a way that for each TS I had to set up a separate c

Re: IKEv2: CHILD_SA is not created

2021-05-12 Thread Денис Давыдов
ention to my problem. On Wed, May 12, 2021 at 3:36 PM Денис Давыдов wrote: > Tobias, > > I replaced the OpenBSD with the same configuration: > -> % uname -r -p > 6.9 amd64 > > Now, with this configuration: > > ikev2 crypto-primary active esp \ > from any to any

Re: IKEv2: CHILD_SA is not created

2021-05-12 Thread Денис Давыдов
wrote: > On Wed, May 12, 2021 at 12:06:21PM +0300, Денис Давыдов wrote: > > I tried to specify an explicit parameter -T to disable NAT-Traversal > > auto-detection and use `local' parameter. Also according to your advice > > tried a configuration like this: > > > &

Re: IKEv2: CHILD_SA is not created

2021-05-12 Thread Денис Давыдов
g (look for ikev2_pld_ts in the verbose log). > > On Tue, May 11, 2021 at 01:47:53PM +0300, Денис Давыдов wrote: > > Tobias, > > > > The remote side gave me their Cisco ASA 5585 settings and they showed the > > logs: > > > > object network Svc_2_2_2_2 > >

Re: IKEv2: CHILD_SA is not created

2021-05-11 Thread Денис Давыдов
, but with another provider, which has the Cisco ASA 5585-SSP10, there are no such problems. -- Sincerely, Denis On Fri, May 7, 2021 at 1:10 PM Tobias Heider wrote: > On Fri, May 07, 2021 at 12:17:35PM +0300, Денис Давыдов wrote: > > Hello all, > > > > I can't understand why

IKEv2: CHILD_SA is not created

2021-05-07 Thread Денис Давыдов
Hello all, I can't understand why I got SA_INIT timeout: May 5 13:18:54 crypto-gw2 iked[65530]: spi=0x73bcd531eb2e8899: sa_free: SA_INIT timeout 1.1.1.1 (crypto-gw2) - my host 7.7.7.7 - our ISP provider (some of Cisco devices) /etc/iked.conf (on 1.1.1.1): ikev2 crypto-primary active esp \

Strange behavior when I try to use lladdr

2020-05-22 Thread Денис Давыдов
Hello, all. I decided to reinstall OpenBSD to a newer version on my VMware ESXi cluster. So I deleted an old router and started the new one using the old configuration, except that I added the lladdr parameter with the old MAC address to the external interface to avoid blocking traffic on the port of the