Atri,

> I notice you mention in your response that strongswan is rejecting an
> unencrypted payload that it expects to be encrypted.

I assume you are referring to the one-and-a-half year old discussion at [1]?

> However, this particular attribute is included in Message 1 which can't
> be encrypted. So why is strongswan expecting the payload to be
> encrypted?

While this is true, strongSwan still rejects an unencrypted configuration payload message. It just does not expect a configuration payload in IKE_SA_INIT.

So the question is: Why does Anyconnect send a configuration payload in IKE_SA_INIT? Even if it might not be explicitly disallowed, the configuration payload is certainly not used here as intended in RFC5996.

As said, working around this issue might be possible, but I don't think it makes much sense given the mentioned Cisco EULA restrictions.

Regards
Martin

[1] https://lists.strongswan.org/pipermail/users/2012-December/004064.html
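
Added example, not part of the message above and not strongSwan's code: a sketch that walks the payload chain of a raw IKEv2 message and reports payload types, such as a Configuration payload (type 47), that turn up in an IKE_SA_INIT exchange. The `EXPECTED_IN_INIT` set, the helper names and the sample message are assumptions made for this example.

```python
import struct

IKE_SA_INIT = 34   # exchange type, RFC 5996
SK, CP = 46, 47    # Encrypted and Configuration payload types
NAMES = {33: "SA", 34: "KE", 38: "CERTREQ", 40: "Nonce",
         41: "Notify", 43: "Vendor ID", SK: "SK", CP: "CP"}
# Assumption of this example: payload types an IKE_SA_INIT message normally carries.
EXPECTED_IN_INIT = {33, 34, 38, 40, 41, 43}

def walk_payloads(msg):
    """Parse the 28-byte IKE header, then follow the Next Payload chain."""
    if len(msg) < 28:
        raise ValueError("shorter than an IKE header")
    _, _, nxt, _, exchange, _, _, length = struct.unpack("!8s8sBBBBII", msg[:28])
    if length != len(msg):
        raise ValueError("header length does not match message size")
    off, found = 28, []
    while nxt != 0:
        if off + 4 > length:
            raise ValueError("truncated payload header")
        following, _, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4 or off + plen > length:
            raise ValueError("bad payload length")
        found.append((nxt, msg[off + 4:off + plen]))
        if nxt == SK:      # SK is last; its Next Payload names the first inner payload
            break
        nxt, off = following, off + plen
    return exchange, found

def unexpected_in_init(msg):
    """Names of payloads in an IKE_SA_INIT message outside EXPECTED_IN_INIT."""
    exchange, found = walk_payloads(msg)
    if exchange != IKE_SA_INIT:
        return []
    return [NAMES.get(t, str(t)) for t, _ in found if t not in EXPECTED_IN_INIT]

def build(exchange, payloads):
    """Assemble a constructed test message from (type, body) pairs."""
    types = [t for t, _ in payloads] + [0]
    body = b"".join(struct.pack("!BBH", types[i + 1], 0, 4 + len(d)) + d
                    for i, (_, d) in enumerate(payloads))
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x00" * 8, types[0],
                       0x20, exchange, 0x08, 0, 28 + len(body)) + body

# Constructed sample: placeholder bodies, with a CP payload (CFG_REQUEST, no attributes).
SAMPLE = build(IKE_SA_INIT, [(33, b"\x00" * 8), (34, b"\x00" * 8),
                             (40, b"\xaa" * 16), (CP, b"\x01\x00\x00\x00")])

if __name__ == "__main__":
    print(unexpected_in_init(SAMPLE))
```

Feeding it the UDP payload of a captured first message (without the non-ESP marker used on port 4500) shows whether a peer places anything beyond the usual set in IKE_SA_INIT.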
