Also, thank you for pointing out the 3DES thing; this is the first time in
forever I have needed to specify ciphers. I wasn't aware of the potential
issue...
On 2017-02-27 11:40 PM, Muenz, Michael wrote:
On 28.02.2017 at 08:17, Bob Miller wrote:
Hello Gurus,
I have an existing libreswan-sonicwall VPN in place; now there is a
3rd location going in, and it has a Cisco ASA firewall. I have been
working with the tech at the other end, and we are stuck at the beginning
of phase 2. Or I am; the other end will see me connect for a second,
then it goes away.
I have looked at the wiki, but I am told there is no groupname
configured at that end, and when they sent me a dump of the config, I
can find nothing that would seem an appropriate value to put. They
also tell me there is no xauth enabled on their end. So this seems a
different config than the wiki is talking about? Logs tell me this:
whse2datacenter" #3: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+UP+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW {using
isakmp#2 msgid:10f75020 proposal=3DES(3)_000-SHA1(2)_000 pfsgroup=no-pfs}
Feb 27 23:25:58 fw-tpc pluto[10068]: "whse2datacenter" #2: ignoring
informational payload INVALID_ID_INFORMATION, msgid=00000000, length=144
Hi,
please post logs from your side (not just the two lines), logs from the
ASA, and also config parts on both sides.
You really agreed to use 3DES and no pfs?
Michael
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan