[Openswan Users] openswan
Neal Murphy
neal.p.murphy at alum.wpi.edu
Mon Aug 6 08:57:34 EDT 2012
On Monday 06 August 2012 02:56:00 Efstathios Kalyvas wrote:
> Hello,
>
> I am trying from a linux box to setup an IPsec to a cisco ASA 5520. Cisco
> is managed from a telco operator.
>
> My ipsec.conf is (based on the telco specs file I attach):
> ...
> left= 198.101.222.60 #REAL IP LINUX SERVER
> ...
> Aug 5 17:35:20 apllo-i1 pluto[21371]: "cyta" #1: STATE_MAIN_I4: ISAKMP SA
> established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
> prf=oakley_sha group=modp1024}
> Aug 5 17:35:20 apllo-i1 pluto[21371]: "cyta" #2: initiating Quick Mode
> PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:29f85155
> proposal=3DES(3)_192-SHA1(2)_160 pfsgroup=no-pfs}
> Aug 5 17:35:20 apllo-i1 pluto[21371]: "cyta" #1: ignoring informational
> payload, type INVALID_ID_INFORMATION msgid=00000000
You've done well so far: the SA is established. The ID error may be caused by
the inline comments; try removing them (and the <space> before the #) from all
config lines to see what happens.
The next important thing you should see is either receiving Quick-I1 or
sending Quick-R1.
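
Added example, not part of the original message or of Openswan: a shell function that prints an ipsec.conf with the trailing inline comments (and the space before the `#`) removed, as the reply suggests trying. The function name and the sample file are assumptions; in the sample only the `left=` line is taken from the post, the rest is constructed.

```shell
#!/bin/sh
# strip_inline_comments FILE
# Print FILE with trailing "<space>#comment" removed from parameter lines.
# Full-line comments and any "#" inside double quotes are left untouched.
strip_inline_comments() {
    awk '
    /^[ \t]*#/ { print; next }    # full-line comment: keep as is
    {
        out = ""; inq = 0; n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (c == "\"") inq = !inq
            # an unquoted "#" preceded by whitespace starts an inline comment
            if (c == "#" && !inq && i > 1 && substr($0, i - 1, 1) ~ /[ \t]/)
                break
            out = out c
        }
        sub(/[ \t]+$/, "", out)   # drop the whitespace left before the "#"
        print out
    }' "$1"
}

# Constructed sample config (hypothetical apart from the left= line).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# full-line comment stays
conn cyta
    left= 198.101.222.60 #REAL IP LINUX SERVER
    leftid="@a #b" #constructed quoted value
    auto=start
EOF

# Show the cleaned file; redirect to a new file and diff it against the
# original before replacing the live configuration.
strip_inline_comments "$sample"
rm -f "$sample"
```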