[Openswan Users] openswan

Neal Murphy neal.p.murphy at alum.wpi.edu
Mon Aug 6 08:57:34 EDT 2012

On Monday 06 August 2012 02:56:00 Efstathios Kalyvas wrote:
> Hello,
> I am trying from a Linux box to set up an IPsec to a Cisco ASA 5520. Cisco
> is managed from a telco operator.
> My ipsec.conf is (based on the telco specs file I attach):
> ...
>         left= #REAL IP LINUX SERVER
> ...
> Aug  5 17:35:20 apllo-i1 pluto[21371]: "cyta" #1: STATE_MAIN_I4: ISAKMP SA
> established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
> prf=oakley_sha group=modp1024}
> Aug  5 17:35:20 apllo-i1 pluto[21371]: "cyta" #2: initiating Quick Mode
> PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:29f85155
> proposal=3DES(3)_192-SHA1(2)_160 pfsgroup=no-pfs}
> Aug  5 17:35:20 apllo-i1 pluto[21371]: "cyta" #1: ignoring informational
> payload, type INVALID_ID_INFORMATION msgid=00000000

You've done well so far: the SA is established. The ID error may be caused by 
the inline comments; try removing them (and the <space> before the #) from all 
config lines to see what happens.

The next important thing you should see is either receiving Quick-I1 or 
sending Quick-R1.
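The check suggested in the reply above can be scripted. The following is an added example, not part of the original thread or of Openswan: it lists every `key=value` line that carries a trailing `#` comment and produces a copy of the file with those comments removed. The function names and the sample config are hypothetical, and the addresses are constructed documentation-range placeholders.

```python
# Constructed sample in the style of the quoted ipsec.conf; the addresses are
# placeholders, not values from the original post.
SAMPLE_CONF = """\
# full-line comments like this one are left alone
conn cyta
        type=tunnel
        left=192.0.2.10 #REAL IP LINUX SERVER
        leftsubnet=192.0.2.10/32 # local side
        right=203.0.113.20
        authby=secret
        auto=start
"""

def split_inline_comment(line):
    """Return (setting, comment) for a key=value line with a trailing comment, else None."""
    stripped = line.lstrip()
    if not stripped or stripped.startswith("#") or "=" not in stripped:
        return None
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes          # a '#' inside "..." is part of the value
        elif ch == "#" and not in_quotes and line[i - 1] in " \t":
            if "=" not in line[:i]:
                return None                    # comment starts before any assignment
            return line[:i].rstrip(), line[i:]
    return None

def find_inline_comments(text):
    """List (line number, setting, comment) for every setting with an inline comment."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = split_inline_comment(line)
        if parts:
            hits.append((n, parts[0].strip(), parts[1]))
    return hits

def strip_inline_comments(text):
    """Return the config with inline comments removed; indentation is preserved."""
    cleaned = []
    for line in text.splitlines():
        parts = split_inline_comment(line)
        cleaned.append(parts[0] if parts else line)
    return "\n".join(cleaned) + "\n"

if __name__ == "__main__":
    for n, setting, comment in find_inline_comments(SAMPLE_CONF):
        print(f"line {n}: {setting!r} carries inline comment {comment!r}")
    print(strip_inline_comments(SAMPLE_CONF), end="")
```

Restart the connection with the cleaned file and compare the pluto log against the earlier run to see whether the INVALID_ID_INFORMATION notification is still logged.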
