[Openswan Users] Anyone heard over interoperability issues with Cisco SPA modules
paul at arkig.com
Sun Nov 10 16:50:48 UTC 2013
Config has been checked and compared with a working setup where the other
end is a cisco ASA
On 11 November 2013 00:12, Leto <letoams at gmail.com> wrote:
> usually that happens on configuration mismatch. double check your configs
> on both end?
> sent from a tiny device
> On 2013-11-10, at 0:54, Paul Young <paul at arkig.com> wrote:
> Hi Gents,
> Has anyone heard of issues with OpenSwan\ipsec connecting to Cisco VPN SPA
> module devices?
> We have openswan connected just happily to Cisco ASA and other
> concentrators. But it really does not like phase 1 communication.
> Here's the clean hands shown by Cisco TAC:
> " I see from the debugs that right after phase 1 completed on vpn-spa
> end, linux machine sends some unencrypted packets which is not recognizable
> by the spa. Therefore we try to retransmit the last packet and then tear
> down the tunnel, so the whole phase 1 starts from the beginning.
> As I said VPN-SPA is End of Life:
> This means engineering support finished already at 2012, so we have no
> chance anymore to ask development team about this issue.
> Please try to troubleshoot the linux and may be different distribution or
> version of openswan."
> I am running - openswan-2.6.32-21.el6_4.x86_64 - of OpenSwan
> Users at lists.openswan.org
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users