On Thu, 20 Jan 2022, Craig Slist wrote:
Subject: [Swan] direct connect ipsec tunnel
I am using RHEL8 and libreswan to make a tunnel directly to a cisco asa.
using a basic config we are getting this error002 "mytunnel" #7: initiating
Main Mode
104 "mytunnel" #7: STATE_MAIN_I1: initiate
003 "mytunnel" #7: ignoring informational payload NO_PROPOSAL_CHOSEN,
msgid=00000000, length=12
This means your configurations don't match up. It is hard for us to help
you as we don't know what your cisco end wants you to use.
Some possible mismatching options are:
- IKEv1 vs IKEv2 (ikev2=yes|no)
- IKEv1 Aggressive Mode vs IKEv1 Main Mode (agressive=yes|no)
- IKE/phase1 crypto ciphers mismatch (ike= option in libreswan)
- Perfect Forward Secrecy setting (pfs=yes|no)
- If IKEv1 Aggressive Mode, a mismatched client ID could cause this
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
