[Openswan Users] Anyone heard over interoperability issues with Cisco SPA modules

Leto letoams at gmail.com
Sun Nov 10 08:12:46 UTC 2013


usually that happens on configuration mismatch. double check your configs on both end?

sent from a tiny device 

On 2013-11-10, at 0:54, Paul Young <paul at arkig.com> wrote:

> Hi Gents,
> 
> Has anyone heard of issues with OpenSwan\ipsec connecting to Cisco VPN SPA module devices?
> 
> We have openswan connected just happily to Cisco ASA and other concentrators. But it really does not like phase 1 communication.
> 
> Here's the clean hands shown by Cisco TAC:
> 
> " I see from the debugs that right after phase 1 completed on vpn-spa end, linux machine sends some unencrypted packets which is not recognizable by the spa. Therefore we try to retransmit the last packet and then tear down the tunnel, so the whole phase 1 starts from the beginning.
> As I said VPN-SPA is End of Life:
> 
> http://www.cisco.com/en/US/prod/collateral/modules/ps6267/end_of_life_c51-583910.html
> 
> This means engineering support finished already at 2012, so we have no chance anymore to ask development team about this issue.
> 
> Please try to troubleshoot the linux and may be different distribution or version of openswan."
> 
> I am running  - openswan-2.6.32-21.el6_4.x86_64 - of OpenSwan
> 
> Thoughts?
> 
> 
> 
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20131110/0da0ff02/attachment.html>


More information about the Users mailing list