btw I am using StrongSwan 5.0.0
-Neeraj
From: kaj...@live.in
To: e...@cendatsys.com; users@lists.strongswan.org
Date: Fri, 28 Sep 2012 16:58:53 +0530
Subject: Re: [strongSwan] Cannot do IKEv1/PSK Main Mode in Cisco ASA 5510
# ipsec.conf
config setup
charondebug="dmn 1"
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev1
aggressive=no
type=tunnel
dpdaction=clear
dpddelay=60s
conn home
left=%defaultroute
xauth_identity=user
leftid=@CiscoPSKCxnProfile
xauth = client
leftsourceip = %config
leftauth=psk
leftauth2=xauth
leftfirewall=no
right=111.222.333.444
rightsubnet=192.168.0.0/16
rightauth=psk
ike=aes-sha-modp1024
esp=aes-sha1-modp1024
auto=start
# the ipsec.secrets has the corresponding PSK and password for user
Do let me know if you see an issues?
-Neeraj
Subject: Re: [strongSwan] Cannot do IKEv1/PSK Main Mode in Cisco ASA 5510
From: e...@cendatsys.com
Date: Thu, 27 Sep 2012 08:53:40 -0500
To: kaj...@live.in; users@lists.strongswan.org
I just went through this same problem -- still struggling with routing but seem
to habe the connection.
What's the Cisco config and you ipsec.conf?
Neeraj Sharma <kaj...@live.in> wrote:
I tried doing this a couple of times and did succeed with configuring a
StrongSwan client connecting to a Cisco ASA 5510 in IKEv1/PSK Main Mode. What
works at present is the IKEv1/PSK Aggressive mode.
I am no Cisco expert, so its possible (pointed by endre that it works as well
over freenode #strongswan) that I am missing a Cisco ASA config. Any pointers
(doc, etc) will be of great help.
Thanks,
Neeraj
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
