[Openswan Users] Anyone heard over interoperability issues with Cisco SPA modules

[Paul Young]

Config has been checked and compared with a working setup where the other
end is a cisco ASA


On 11 November 2013 00:12, Leto <letoams at gmail.com> wrote:

> usually that happens on configuration mismatch. double check your configs
> on both end?
>
> sent from a tiny device
>
> On 2013-11-10, at 0:54, Paul Young <paul at arkig.com> wrote:
>
> Hi Gents,
>
> Has anyone heard of issues with OpenSwan\ipsec connecting to Cisco VPN SPA
> module devices?
>
> We have openswan connected just happily to Cisco ASA and other
> concentrators. But it really does not like phase 1 communication.
>
> Here's the clean hands shown by Cisco TAC:
>
> " I see from the debugs that right after phase 1 completed on vpn-spa
> end, linux machine sends some unencrypted packets which is not recognizable
> by the spa. Therefore we try to retransmit the last packet and then tear
> down the tunnel, so the whole phase 1 starts from the beginning.
>
> As I said VPN-SPA is End of Life:
>
>
> http://www.cisco.com/en/US/prod/collateral/modules/ps6267/end_of_life_c51-583910.html
>
> This means engineering support finished already at 2012, so we have no
> chance anymore to ask development team about this issue.
>
> Please try to troubleshoot the linux and may be different distribution or
> version of openswan."
>
> I am running  - openswan-2.6.32-21.el6_4.x86_64 - of OpenSwan
>
> Thoughts?
>
>
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20131111/2339fdc6/attachment.html>