[Openswan Users] Anyone heard over interoperability issues with Cisco SPA modules

Paul Young paul at arkig.com
Sun Nov 10 03:54:12 UTC 2013


Hi Gents,

Has anyone heard of issues with OpenSwan\ipsec connecting to Cisco VPN SPA
module devices?

We have openswan connected just happily to Cisco ASA and other
concentrators. But it really does not like phase 1 communication.

Here's the clean hands shown by Cisco TAC:

" I see from the debugs that right after phase 1 completed on vpn-spa end,
linux machine sends some unencrypted packets which is not recognizable by
the spa. Therefore we try to retransmit the last packet and then tear down
the tunnel, so the whole phase 1 starts from the beginning.

As I said VPN-SPA is End of Life:

http://www.cisco.com/en/US/prod/collateral/modules/ps6267/end_of_life_c51-583910.html

This means engineering support finished already at 2012, so we have no
chance anymore to ask development team about this issue.

Please try to troubleshoot the linux and may be different distribution or
version of openswan."

I am running  - openswan-2.6.32-21.el6_4.x86_64 - of OpenSwan

Thoughts?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20131110/666d5590/attachment.html>


More information about the Users mailing list