<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><style> body {  font-family: "Calibri","Slate Pro",sans-serif,"sans-serif"; color:#262626 }</style> </head> <body lang="fr-FR"><div><br></div><p style="color: rgb(54, 0, 12); font-family: Verdana, sans-serif; background-color: rgb(255, 255, 221);">my configuration in strong swan is</p><p style="color: rgb(54, 0, 12); font-family: Verdana, sans-serif; background-color: rgb(255, 255, 221);">config setup # strictcrlpolicy=yes # uniqueids = no</p><p style="color: rgb(54, 0, 12); font-family: Verdana, sans-serif; background-color: rgb(255, 255, 221);">conn %default<br>ikelifetime=86400s<br>keylife=36000s<br>rekeymargin=3m<br>keyingtries=1<br>keyexchange=ikev2<br>authby=secret<br>mobike=no</p><p style="color: rgb(54, 0, 12); font-family: Verdana, sans-serif; background-color: rgb(255, 255, 221);">conn ciscoios<br>left=@IP STRONGSWAN<br>leftsubnet=172.16.1.0/24<br>leftid=@IPSTONGSWAN<br>leftfirewall=yes<br>right=IP ASA<br>rightsubnet=IP PRIVE<br>rightid=IP ASA<br>pfs=yes<br>auto=add<br>ike=aes256-sha512-modp1536<br>esp=aes256-sha1<br>keyexchange=ikev2</p><p style="color: rgb(54, 0, 12); font-family: Verdana, sans-serif; background-color: rgb(255, 255, 221);">include /var/lib/strongswan/ipsec.conf.inc</p><p style="color: rgb(54, 0, 12); font-family: Verdana, sans-serif; background-color: rgb(255, 255, 221);">error is : <br>initiating IKE_SA ciscoios^{<a href="https://wiki.strongswan.org/issues/1136#fn5" style="color: rgb(138, 0, 32); text-decoration: none; font-weight: bold;">5</a>} to @IP ASA<br>generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<br>sending packet: from @IPSTRONGSWAN^{<a href="https://wiki.strongswan.org/issues/1136#fn500" style="color: rgb(138, 0, 32); text-decoration: none; font-weight: bold;">500</a>} to @IP ASA^{<a href="https://wiki.strongswan.org/issues/1136#fn500" style="color: rgb(138, 0, 32); text-decoration: none; font-weight: bold;">500</a>}<br>received packet: from @IP ASA [500] to @IP STRONG^{<a href="https://wiki.strongswan.org/issues/1136#fn500" style="color: rgb(138, 0, 32); text-decoration: none; font-weight: bold;">500</a>}<br>parsed IKE_SA_INIT response 0 [ SA KE No V V V N(NATD_S_IP) N(NATD_D_IP) V ]<br>received unknown vendor id: 43:49:53:43:4f:2d:44:45:4c:45:54:45:2d:52:45:41:53:4 f:4e<br>received unknown vendor id: 43:49:53:43:4f:28:43:4f:50:59:52:49:47:48:54:29:26:4 3:6f:70:79:72:69:67:68:74:20:28:63:29:20:32:30:30:39:20:43:69:73:63:6f:20:53:79: 73:74:65:6d:73:2c:20:49:6e:63:2e<br>received unknown vendor id: 43:49:53:43:4f:2d:47:52:45:2d:4d:4f:44:45:02<br>received unknown vendor id: 40:48:b7:d5:6e:bc:e8:85:25:e7:de:7f:00:d6:c2:d3<br>remote host is behind NAT<br>authentication of '178.32.180.245' (myself) with pre-shared key<br>establishing CHILD_SA ciscoios<br>generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(EAP_ON LY) ]<br>sending packet: from @IPSTRONG^{<a href="https://wiki.strongswan.org/issues/1136#fn4500" style="color: rgb(138, 0, 32); text-decoration: none; font-weight: bold;">4500</a>} to ASA [4500]<br>received packet: from ASA [4500] to STRONG [4500]<br>parsed IKE_AUTH response 1 [ V IDr AUTH N(NO_PROP) ]<br>authentication of '192.168.255.1' with pre-shared key successful<br>constraint check failed: identity @IP ASA required<br>selected peer config 'ciscoios' inacceptable<br></p><div><span style="background-color: rgb(255, 255, 221); color: rgb(54, 0, 12); font-family: Verdana, sans-serif;">no alternative config found</span></div><div>Envoyé de mon smartphone BlackBerry 10.</div></body></html>