<div dir="ltr">Config has been checked and compared with a working setup where the other end is a cisco ASA</div><div class="gmail_extra"><br><br><div class="gmail_quote">On 11 November 2013 00:12, Leto <span dir="ltr"><<a href="mailto:letoams@gmail.com" target="_blank">letoams@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>usually that happens on configuration mismatch. double check your configs on both end?<br><br>sent from a tiny device </div>
<div><div class="h5"><div><br>On 2013-11-10, at 0:54, Paul Young <<a href="mailto:paul@arkig.com" target="_blank">paul@arkig.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Hi Gents,<div><br>
</div><div>Has anyone heard of issues with OpenSwan\ipsec connecting to Cisco VPN SPA module devices?</div><div><br></div><div>We have openswan connected just happily to Cisco ASA and other concentrators. But it really does not like phase 1 communication.</div>
<div><br></div><div>Here's the clean hands shown by Cisco TAC:</div><div><br></div><div>"<span style="font-family:arial,sans-serif;font-size:13px"> </span><span style="font-family:arial,sans-serif;font-size:13px">I see from the debugs that right after phase 1 completed on vpn-spa end, linux machine sends some unencrypted packets which is not recognizable by the spa. Therefore we try to retransmit the last packet and then tear down the tunnel, so the whole phase 1 starts from the beginning.</span></div>
<p style="font-family:arial,sans-serif;font-size:13px">As I said VPN-SPA is End of Life:<u></u><u></u></p><p style="font-family:arial,sans-serif;font-size:13px"><a href="http://www.cisco.com/en/US/prod/collateral/modules/ps6267/end_of_life_c51-583910.html" target="_blank"><span style="color:windowtext;text-decoration:none">http://www.cisco.com/en/US/prod/collateral/modules/ps6267/end_of_life_c51-583910.html</span></a><u></u><u></u></p>
<p style="font-family:arial,sans-serif;font-size:13px">This means engineering support finished already at 2012, so we have no chance anymore to ask development team about this issue.</p><p style="font-family:arial,sans-serif;font-size:13px">
Please try to troubleshoot the linux and may be different distribution or version of openswan."</p><p style="font-family:arial,sans-serif;font-size:13px">I am running - openswan-2.6.32-21.el6_4.x86_64 - of OpenSwan</p>
<p style="font-family:arial,sans-serif;font-size:13px">Thoughts?</p><p style="font-family:arial,sans-serif;font-size:13px"><br></p></div>
</div></blockquote></div></div><blockquote type="cite"><div><span>_______________________________________________</span><br><span><a href="mailto:Users@lists.openswan.org" target="_blank">Users@lists.openswan.org</a></span><br>
<span><a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a></span><br><span>Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a></span><br>
<span>Building and Integrating Virtual Private Networks with Openswan:</span><br><span><a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a></span><br>
</div></blockquote></div></blockquote></div><br></div>