Hi Martin,
Thank you for the quick response. That's good news that from strongSwan
perspective this IKE_SA looks fine.
Will focus on Cisco side then.
Alexey
On 14 April 2015 at 17:05, Martin Willi wrote:
> Hi,
>
> > The issue that I'm facing is that SA on Strongswan side is up but stuck
> in
Hi,
> The issue that I'm facing is that SA on Strongswan side is up but stuck in
> "IN-NEG” status on Cisco side (Response is outside of window received 0x1,
> expect 0x2 <= mess_id < 0x2).
> 16[ENC] parsed IKE_AUTH request 1 [ V IDi CERT CERTREQ ... ]
[...]
> 16[IKE] IKE_SA csr-swan[1] establish
Hi All,
I'm trying to setup a cert based IPsec tunnel between Cisco CSR 03.13.01.S
and Strongswan U5.2.1/K3.5.0-17-generic using IKEv2.
The issue that I'm facing is that SA on Strongswan side is up but stuck in
"IN-NEG” status on Cisco side (Response is outside of window received 0x1,
expect 0x2 <