Hello

I have a strange phenomenon when connecting strongSwan 4.2.4 with a Cisco VPN Concentrator 3000.

The connection description on the strongSwan side is:

> conn gw-cisco
>     authby=secret
>     ike=aes128-sha-modp1024
>     esp=aes128-sha1
>     pfs=no
>     #
>     ikelifetime=86400s
>     keylife=8h
>     #
>     left=<strongSwan-ip>
>     leftsubnet=192.168.144.0/23
>     #
>     right=<cisco-ip>
>     rightsubnet=10.10.10.0/24
>     auto=add

The Cisco system has the OS-Version Version 4.7.2.H Jun 29 2006.

After initiating the tunnel from the strongSwan side I get the following error message in phase 2 (Quick Mode) (plutodebug="crypt parsing emitting control klips private").

> Jun 11 09:26:23 gw pluto[25355]: | our client is subnet 192.0.0.0/18446744073709551615
> Jun 11 09:26:23 gw pluto[25355]: | our client protocol/port is 0/0
> Jun 11 09:26:23 gw pluto[25355]: "gw-cisco" #2: our client ID returned doesn't match my proposal
> Jun 11 09:26:23 gw pluto[25355]: "gw-cisco" #2: sending encrypted notification INVALID_ID_INFORMATION to <cisco-ip>:500

My understanding is that the other side (the Cisco router) returned the wrong address 192.0.0.0/18446744073709551615 to me and I respond with INVALID_ID_INFORMATION. Is this correct?

After changing the local subnet to 192.168.145.0/24 the tunnel is established successfully.

> Jun 11 10:50:23 gw pluto[26339]: | our client is subnet 192.168.145.0/24
> Jun 11 10:50:23 gw pluto[26339]: | our client protocol/port is 0/0
> Jun 11 10:50:23 gw pluto[26339]: | peer client is subnet 10.10.10.0/24
> Jun 11 10:50:23 gw pluto[26339]: | peer client protocol/port is 0/0

Does anybody have a suggestion what the problem is?

regards
ralph
