Hi, We are working to setup an IPSec PSK VPN between the 4G router and StrongSwan which resides on a public server in road warrior configuration, with the 4G router being the road warrior clients.
Cisco 819 4G router ( Road warrior client) ---------------CGNAT -------------------------- StrongSwan server We are able to establish an IPSec VPN between the Cisco 819 4G router and Strongswan, with a direct connection, wherein there is no CGNAT, this is over the gigabit interface and strongswan local server. The moment we introduce CGNAT with strongswan in the cloud, we are unable to get the IPSec VPN working. We are getting an error, please help/guide us here: *Apr 5 14:39:38.822: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 100.76.145.121:500, remote= 125.16.240.98:500, local_proxy= 192.168.1.0/255.255.255.0/256/0, remote_proxy= 10.56.138.86/255.255.255.255/256/0, protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0 *Apr 5 14:39:38.822: ISAKMP: (0):SA request profile is (NULL) *Apr 5 14:39:38.822: ISAKMP: (0):Created a peer struct for 125.16.240.98, peer port 500 *Apr 5 14:39:38.822: ISAKMP: (0):New peer created peer = 0x1E10DE4 peer_handle = 0x80000012 *Apr 5 14:39:38.822: ISAKMP: (0):Locking peer struct 0x1E10DE4, refcount 1 for isakmp_initiator *Apr 5 14:39:38.822: ISAKMP: (0):local port 500, remote port 500 *Apr 5 14:39:38.822: ISAKMP: (0):set new node 0 to QM_IDLE *Apr 5 14:39:38.822: ISAKMP: (0):insert sa successfully sa = 10937C0 *Apr 5 14:39:38.822: ISAKMP: (0):Can not start Aggressive mode, trying Main mode. *Apr 5 14:39:38.822: ISAKMP: (0):found peer pre-shared key matching 125.16.240.98 *Apr 5 14:39:38.822: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID *Apr 5 14:39:38.822: ISAKMP: (0):constructed NAT-T vendor-07 ID *Apr 5 14:39:38.822: ISAKMP: (0):constructed NAT-T vendor-03 ID *Apr 5 14:39:38.822: ISAKMP: (0):constructed NAT-T vendor-02 ID *Apr 5 14:39:38.822: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Apr 5 14:39:38.822: ISAKMP: (0):Old State = IKE_READY New State = IKE_I_MM1 *Apr 5 14:39:38.822: ISAKMP: (0):beginning Main Mode exchange *Apr 5 14:39:38.822: ISAKMP-PAK: (0):sending packet to 125.16.240.98 my_port 500 peer_port 500 (I) MM_NO_STATE *Apr 5 14:39:38.822: ISAKMP: (0):Sending an IKE IPv4 Packet.. Success rate is 0 percent (0/1) Router# *Apr 5 14:39:42.626: ISAKMP-PAK: (0):received packet from 125.16.240.98 dport 500 sport 500 Global (I) MM_NO_STATE **Apr 5 14:39:42.626: ISAKMP-ERROR: (0):Couldn't find node: message_id 2939252457* **Apr 5 14:39:42.626: ISAKMP-ERROR: (0):(0): Unknown Input IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY: state = IKE_I_MM1* *Apr 5 14:39:42.626: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY *Apr 5 14:39:42.626: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_I_MM1 *Apr 5 14:39:42.626: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 125.16.240.98 *Apr 5 14:39:48.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Apr 5 14:39:48.826: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Apr 5 14:39:48.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Apr 5 14:39:48.826: ISAKMP-PAK: (0):sending packet to 125.16.240.98 my_port 500 peer_port 500 (I) MM_NO_STATE *Apr 5 14:39:48.826: ISAKMP: (0):Sending an IKE IPv4 Packet. *Apr 5 14:39:50.286: ISAKMP-PAK: (0):received packet from 125.16.240.98 dport 500 sport 500 Global (I) MM_NO_STATE **Apr 5 14:39:50.286: ISAKMP-ERROR: (0):Couldn't find node: message_id 702674192* **Apr 5 14:39:50.286: ISAKMP-ERROR: (0):(0): Unknown Input IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY: state = IKE_I_MM1* **Apr 5 14:39:50.286: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY* **Apr 5 14:39:50.286: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_I_MM1* *StrongSwan output:* 06[CFG] received stroke: add connection 'ciscoios' 06[CFG] left nor right host is our side, assuming left=local 06[CFG] added configuration 'ciscoios' 11[NET] received packet: from 106.206.153.204[13418] to 10.56.138.86[500] (168 bytes) 11[ENC] parsed ID_PROT request 0 [ SA V V V V ] 11[IKE] no IKE config found for 10.56.138.86...106.206.153.204, sending NO_PROPOSAL_CHOSEN 11[ENC] generating INFORMATIONAL_V1 request 2939252457 [ N(NO_PROP) ] 11[NET] sending packet: from 10.56.138.86[500] to 106.206.153.204[13418] (40 bytes) 04[NET] received packet: from 106.206.153.204[13418] to 10.56.138.86[500] (168 bytes) 04[ENC] parsed ID_PROT request 0 [ SA V V V V ] 04[IKE] no IKE config found for 10.56.138.86...106.206.153.204, sending NO_PROPOSAL_CHOSEN 04[ENC] generating INFORMATIONAL_V1 request 702674192 [ N(NO_PROP) ] 04[NET] sending packet: from 10.56.138.86[500] to 106.206.153.204[13418] (40 byt Regards, Chandu
Router#ping Protocol [ip]: Target IP address: 10.56.138.86 Repeat count [5]: 1 Datagram size [100]: Timeout in seconds [2]: Extended commands [n]: y Ingress ping [n]: Source address or interface: vlan3 Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0x0000ABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 1, 100-byte ICMP Echos to 10.56.138.86, timeout is 2 seconds: Packet sent with a source address of 192.168.1.1 *Apr 5 14:39:38.822: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 100.76.145.121:500, remote= 125.16.240.98:500, local_proxy= 192.168.1.0/255.255.255.0/256/0, remote_proxy= 10.56.138.86/255.255.255.255/256/0, protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0 *Apr 5 14:39:38.822: ISAKMP: (0):SA request profile is (NULL) *Apr 5 14:39:38.822: ISAKMP: (0):Created a peer struct for 125.16.240.98, peer port 500 *Apr 5 14:39:38.822: ISAKMP: (0):New peer created peer = 0x1E10DE4 peer_handle = 0x80000012 *Apr 5 14:39:38.822: ISAKMP: (0):Locking peer struct 0x1E10DE4, refcount 1 for isakmp_initiator *Apr 5 14:39:38.822: ISAKMP: (0):local port 500, remote port 500 *Apr 5 14:39:38.822: ISAKMP: (0):set new node 0 to QM_IDLE *Apr 5 14:39:38.822: ISAKMP: (0):insert sa successfully sa = 10937C0 *Apr 5 14:39:38.822: ISAKMP: (0):Can not start Aggressive mode, trying Main mode. *Apr 5 14:39:38.822: ISAKMP: (0):found peer pre-shared key matching 125.16.240.98 *Apr 5 14:39:38.822: ISAKMP: (0):constructed NAT-T vendor-rfc3947 ID *Apr 5 14:39:38.822: ISAKMP: (0):constructed NAT-T vendor-07 ID *Apr 5 14:39:38.822: ISAKMP: (0):constructed NAT-T vendor-03 ID *Apr 5 14:39:38.822: ISAKMP: (0):constructed NAT-T vendor-02 ID *Apr 5 14:39:38.822: ISAKMP: (0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM *Apr 5 14:39:38.822: ISAKMP: (0):Old State = IKE_READY New State = IKE_I_MM1 *Apr 5 14:39:38.822: ISAKMP: (0):beginning Main Mode exchange *Apr 5 14:39:38.822: ISAKMP-PAK: (0):sending packet to 125.16.240.98 my_port 500 peer_port 500 (I) MM_NO_STATE *Apr 5 14:39:38.822: ISAKMP: (0):Sending an IKE IPv4 Packet.. Success rate is 0 percent (0/1) Router# *Apr 5 14:39:42.626: ISAKMP-PAK: (0):received packet from 125.16.240.98 dport 500 sport 500 Global (I) MM_NO_STATE *Apr 5 14:39:42.626: ISAKMP-ERROR: (0):Couldn't find node: message_id 2939252457 *Apr 5 14:39:42.626: ISAKMP-ERROR: (0):(0): Unknown Input IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY: state = IKE_I_MM1 *Apr 5 14:39:42.626: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY *Apr 5 14:39:42.626: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_I_MM1 *Apr 5 14:39:42.626: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at 125.16.240.98 *Apr 5 14:39:48.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Apr 5 14:39:48.826: ISAKMP: (0):: incrementing error counter on sa, attempt 1 of 5: retransmit phase 1 *Apr 5 14:39:48.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Apr 5 14:39:48.826: ISAKMP-PAK: (0):sending packet to 125.16.240.98 my_port 500 peer_port 500 (I) MM_NO_STATE *Apr 5 14:39:48.826: ISAKMP: (0):Sending an IKE IPv4 Packet. *Apr 5 14:39:50.286: ISAKMP-PAK: (0):received packet from 125.16.240.98 dport 500 sport 500 Global (I) MM_NO_STATE *Apr 5 14:39:50.286: ISAKMP-ERROR: (0):Couldn't find node: message_id 702674192 *Apr 5 14:39:50.286: ISAKMP-ERROR: (0):(0): Unknown Input IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY: state = IKE_I_MM1 *Apr 5 14:39:50.286: ISAKMP: (0):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY *Apr 5 14:39:50.286: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_I_MM1 *Apr 5 14:39:58.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Apr 5 14:39:58.826: ISAKMP: (0):: incrementing error counter on sa, attempt 2 of 5: retransmit phase 1 *Apr 5 14:39:58.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Apr 5 14:39:58.826: ISAKMP-PAK: (0):sending packet to 125.16.240.98 my_port 500 peer_port 500 (I) MM_NO_STATE *Apr 5 14:39:58.826: ISAKMP: (0):Sending an IKE IPv4 Packet. *Apr 5 14:40:08.822: IPSEC:(SESSION ID = 2) (key_engine) request timer fired: count = 1, (identity) local= 100.76.145.121:0, remote= 125.16.240.98:0, local_proxy= 192.168.1.0/255.255.255.0/256/0, remote_proxy= 10.56.138.86/255.255.255.255/256/0 *Apr 5 14:40:08.822: IPSEC(sa_request): , (key eng. msg.) OUTBOUND local= 100.76.145.121:500, remote= 125.16.240.98:500, local_proxy= 192.168.1.0/255.255.255.0/256/0, remote_proxy= 10.56.138.86/255.255.255.255/256/0, protocol= ESP, transform= esp-aes esp-sha-hmac (Tunnel), lifedur= 3600s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0 *Apr 5 14:40:08.822: ISAKMP: (0):set new node 0 to QM_IDLE *Apr 5 14:40:08.822: ISAKMP-ERROR: (0):SA is still budding. Attached new ipsec request to it. (local 100.76.145.121, remote 125.16.240.98) *Apr 5 14:40:08.822: ISAKMP-ERROR: (0):Error while processing SA request: Failed to initialize SA *Apr 5 14:40:08.822: ISAKMP-ERROR: (0):Error while processing KMI message 0, error 2. *Apr 5 14:40:08.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Apr 5 14:40:08.826: ISAKMP: (0):: incrementing error counter on sa, attempt 3 of 5: retransmit phase 1 *Apr 5 14:40:08.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Apr 5 14:40:08.826: ISAKMP-PAK: (0):sending packet to 125.16.240.98 my_port 500 peer_port 500 (I) MM_NO_STATE *Apr 5 14:40:08.826: ISAKMP: (0):Sending an IKE IPv4 Packet. *Apr 5 14:40:18.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Apr 5 14:40:18.826: ISAKMP: (0):: incrementing error counter on sa, attempt 4 of 5: retransmit phase 1 *Apr 5 14:40:18.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Apr 5 14:40:18.826: ISAKMP-PAK: (0):sending packet to 125.16.240.98 my_port 500 peer_port 500 (I) MM_NO_STATE *Apr 5 14:40:18.826: ISAKMP: (0):Sending an IKE IPv4 Packet. *Apr 5 14:40:28.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Apr 5 14:40:28.826: ISAKMP: (0):: incrementing error counter on sa, attempt 5 of 5: retransmit phase 1 *Apr 5 14:40:28.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE *Apr 5 14:40:28.826: ISAKMP-PAK: (0):sending packet to 125.16.240.98 my_port 500 peer_port 500 (I) MM_NO_STATE *Apr 5 14:40:28.826: ISAKMP: (0):Sending an IKE IPv4 Packet. *Apr 5 14:40:38.822: IPSEC:(SESSION ID = 2) (key_engine) request timer fired: count = 2, (identity) local= 100.76.145.121:0, remote= 125.16.240.98:0, local_proxy= 192.168.1.0/255.255.255.0/256/0, remote_proxy= 10.56.138.86/255.255.255.255/256/0 *Apr 5 14:40:38.826: ISAKMP: (0):retransmitting phase 1 MM_NO_STATE... *Apr 5 14:40:38.826: ISAKMP: (0):peer does not do paranoid keepalives. *Apr 5 14:40:38.826: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 125.16.240.98) *Apr 5 14:40:38.826: ISAKMP-ERROR: (0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 125.16.240.98) *Apr 5 14:40:38.826: ISAKMP: (0):Unlocking peer struct 0x1E10DE4 for isadb_mark_sa_deleted(), count 0 *Apr 5 14:40:38.826: ISAKMP: (0):Deleting peer node by peer_reap for 125.16.240.98: 1E10DE4 *Apr 5 14:40:38.826: ISAKMP: (0):deleting node 129176622 error FALSE reason "IKE deleted" *Apr 5 14:40:38.826: ISAKMP: (0):deleting node -90631767 error FALSE reason "IKE deleted" *Apr 5 14:40:38.826: ISAKMP: (0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL *Apr 5 14:40:38.826: ISAKMP: (0):Old State = IKE_I_MM1 New State = IKE_DEST_SA *Apr 5 14:40:38.826: IPSEC(key_engine): got a queue event with 1 KMI message(s)
Starting strongSwan 5.4.0 IPsec [starter]... 00[DMN] Starting IKE charon daemon (strongSwan 5.4.0, Linux 3.10.0-327.3.1.el7.x86_64, x86_64) 00[CFG] loading ca certificates from '/usr/local/etc/ipsec.d/cacerts' 00[CFG] loading aa certificates from '/usr/local/etc/ipsec.d/aacerts' 00[CFG] loading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts' 00[CFG] loading attribute certificates from '/usr/local/etc/ipsec.d/acerts' 00[CFG] loading crls from '/usr/local/etc/ipsec.d/crls' 00[CFG] loading secrets from '/usr/local/etc/ipsec.secrets' 00[CFG] loaded IKE secret for 125.16.240.98 %any 00[CFG] line 3: missing ' : ' separator 00[LIB] loaded plugins: charon aes des rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown xauth-generic 00[JOB] spawning 16 worker threads charon (5432) started after 20 ms 06[CFG] received stroke: add connection 'ciscoios' 06[CFG] left nor right host is our side, assuming left=local 06[CFG] added configuration 'ciscoios' 11[NET] received packet: from 106.206.153.204[13418] to 10.56.138.86[500] (168 bytes) 11[ENC] parsed ID_PROT request 0 [ SA V V V V ] 11[IKE] no IKE config found for 10.56.138.86...106.206.153.204, sending NO_PROPOSAL_CHOSEN 11[ENC] generating INFORMATIONAL_V1 request 2939252457 [ N(NO_PROP) ] 11[NET] sending packet: from 10.56.138.86[500] to 106.206.153.204[13418] (40 bytes) 04[NET] received packet: from 106.206.153.204[13418] to 10.56.138.86[500] (168 bytes) 04[ENC] parsed ID_PROT request 0 [ SA V V V V ] 04[IKE] no IKE config found for 10.56.138.86...106.206.153.204, sending NO_PROPOSAL_CHOSEN 04[ENC] generating INFORMATIONAL_V1 request 702674192 [ N(NO_PROP) ] 04[NET] sending packet: from 10.56.138.86[500] to 106.206.153.204[13418] (40 bytes) ^C00[DMN] signal of type SIGINT received. Shutting down charon stopped after 200 ms ipsec starter stopped
Building configuration... Current configuration : 4695 bytes ! ! Last configuration change at 13:14:22 UTC Tue Apr 5 2016 by admin ! version 15.5 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! ! ! aaa new-model ! ! ! ! ! ! ! aaa session-id common ethernet lmi ce ! crypto pki trustpoint TP-self-signed-166567200 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-166567200 revocation-check none rsakeypair TP-self-signed-166567200 ! ! crypto pki certificate chain TP-self-signed-166567200 certificate self-signed 01 30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31363635 36373230 30301E17 0D313630 34303530 38343535 365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F 532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3136 36353637 32303030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100 8FFDE824 9BEDE4ED F26CBA92 B6B6C085 F340B93A 1769B956 98A4014B 945D5CAF 935E7018 B08979BF 825718D4 F714B3BA F6A0AB95 68AF251D 0D22E906 062B2A1D EF5F48E2 754CDB6C C29B14B5 83F65D55 9CFA49D5 DC38A95E C18522DA 48F27297 166EACAC 864676F6 72A34404 E390F6A5 F83F5B5A 637CC1FE E52B2BA6 6F09C387 02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D 23041830 16801411 0D1FA120 7F3CDFA2 78F181A8 2C0A99DE B61C2930 1D060355 1D0E0416 0414110D 1FA1207F 3CDFA278 F181A82C 0A99DEB6 1C29300D 06092A86 4886F70D 01010505 00038181 007ECF68 25989D4D 9485935B 5FEEA41F 651A1EA8 6CF25618 32F10C88 99F6F20A FA7E3072 058E3715 DE7714E1 4D8106ED 5B315EF9 22E9D2B9 CAD961D0 E1044950 CF01100E A6D06B84 28CE500B 842EDCCE D42980FE 8048EB64 3A0B1D9B B9BB015E 3ED20C74 97B836FE 40624795 3924789A F73BE16D 70526A5F DB9B680C 60125718 14 quit ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ip dhcp excluded-address 10.10.10.1 ! ip dhcp pool ccp-pool import all network 10.10.10.0 255.255.255.128 default-router 10.10.10.1 lease 0 2 ! ! ! ip cef no ipv6 cef ! ! ! ! ! multilink bundle-name authenticated ! ! chat-script lte "" "AT!CALL" TIMEOUT 20 "OK" ! ! ! ! ! license udi pid C819HG-4G-G-K9 sn FGL200422N5 ! ! username admin privilege 15 secret 5 $1$VIB2$ToQSRis/P//x9QwPanc/R0 ! ! ! ! ! controller Cellular 0 lte modem link-recovery rssi onset-threshold -110 lte modem link-recovery monitor-timer 20 lte modem link-recovery wait-timer 10 lte modem link-recovery debounce-count 6 ! ! ! crypto isakmp policy 10 encr aes authentication pre-share group 5 crypto isakmp key cisco address 125.16.240.98 ! ! crypto ipsec transform-set TS esp-aes esp-sha-hmac mode tunnel ! ! ! crypto map cmap 10 ipsec-isakmp set peer 125.16.240.98 set transform-set TS match address cryptoacl ! ! ! ! ! ! interface Cellular0 ip address negotiated ip nat outside ip virtual-reassembly in encapsulation slip dialer in-band dialer string lte dialer-group 1 crypto map cmap ! interface Cellular1 no ip address encapsulation slip ! interface FastEthernet0 no ip address ! interface FastEthernet1 no ip address ! interface FastEthernet2 switchport access vlan 3 no ip address ! interface FastEthernet3 no ip address ! interface GigabitEthernet0 ip address 172.16.10.10 255.255.255.0 duplex auto speed auto crypto map cmap ! interface Serial0 no ip address shutdown clock rate 2000000 ! interface Vlan1 ip address 10.10.10.1 255.255.255.0 ip nat inside ip virtual-reassembly in ip tcp adjust-mss 1452 ! interface Vlan3 ip address 192.168.1.1 255.255.255.0 ! ip forward-protocol nd ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ! ip nat inside source list NAT interface Cellular0 overload ip route 0.0.0.0 0.0.0.0 Cellular0 ip ssh time-out 60 ip ssh authentication-retries 2 ! ip access-list extended NAT permit ip 10.10.10.0 0.0.0.255 any ip access-list extended cryptoacl permit ip 192.168.1.0 0.0.0.255 host 10.56.138.86 ! dialer-list 1 protocol ip permit ! ! ! ! control-plane ! ! ! mgcp behavior rsip-range tgcp-only mgcp behavior comedia-role none mgcp behavior comedia-check-media-src disable mgcp behavior comedia-sdp-force disable ! mgcp profile default ! ! ! ! ! ! ! line con 0 no modem enable line aux 0 line 2 no activation-character no exec transport preferred none transport input all stopbits 1 line 3 script dialer lte no exec speed 384000 line 8 no exec speed 384000 line vty 0 4 access-class 23 in privilege level 15 transport input telnet ssh ! scheduler allocate 20000 1000 ! ! ! end
StrongSwanConfiguration
Description: Binary data
_______________________________________________ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users