Hi all,
Please provide logs as shown on the HelpRequests page[1] on the wiki.
Kind regards
Noel
[1] https://wiki.strongswan.org/projects/strongswan/wiki/HelpRequests
Am 18.01.21 um 12:44 schrieb Volodymyr Litovka:
Hi George,
I don't remember exactly Cisco's commands to configure
[Correction]
Hi George,
Sorry, I made a blunder in the earlier respone…I mixed up IPsec TS_UNACCEPTABLE
with IKE proposals.
I just checked, and the debug ouput you posted is in-fact originating because
of the IKE proposal mismatch.
Basically, Cisco uses default ISAKMP profiles under the hood
Hi George,
I am not 100% sure what is causing the issue, but there are a couple of things
which I notice.
Cisco static-VTI solution (like the one that is configured on the ASR in your
config) automatically uses any-any traffic selectors. I see you are using GRE
as encaps on ASR (which is the
Hi George,
I don't remember exactly Cisco's commands to configure encryption, but
it seems you config misses encryption settings for IKE negotiation. Your
config on Cisco side should looks like the following:
! This is IKE encryption
crypto isakmp policy 10
encryption ...
hash ...
group