Ikev2 remote-authentication pre-shared-key 321
Here's the ASA conf, standard stuff
tunnel-group x type ipsec-l2l
Here's the strongswan conf
# cat /var/lib/strongswan/
Left 321 right 123 (should be the working one)
SWAN: received AUTHENTICATION_FAILED notify error
Left 123 right 123
SWAN: received AUTHENTICATION_FAILED notify error
Now with StrongSwan being the initiator: (ASA still local: 123, remote: 321)
Security protocol id: Unknown - 0, spi size: 0, type: AUTHENTICATION_FAILED
IKEv2-PROTO-5: Parse Notify Payload: AUTHENTICATION_FAILED NOTIFY(AUTHENTICATION_FAILED) Next payload: NONE, reserved: 0x0, length: 8
Oh, and ASA debugs show the following when it cannot connect:
REAL Decrypted packet:Data: 8 bytes
If I set the two PSKs the same on each side then everything works.
BTW what is the point anyway with IKEv2 having two different PSKs?
Left 321 right 321
ASA: Auth exchange failed
Left 321 right 123 (should be the working one)
ASA:Failed to authenticate the IKE SA
Charon: 08 authentication of 'a' with pre-shared key successful
Charon: 08 authentication of 'b' (myself) with pre-shared key
Charon: 08 x established between b.a
Left 123 right 123
ASA:Failed to authenticate the IKE SA
Charon: 11 authentication of 'a with pre-shared key successful
Charon: 11 authentication of 'b' (myself) with pre-shared key
Charon: 11 IKE_SA x established between b.a
SWAN: tried 1 shared key for '%any' - 'XXX', but MAC mismatched
Left 123 right 321
ASA:Auth exchange failed
Now several combinations in crets on the StrongSwan side:
The problem is the IKEv2 authentication with the ASA as initiator.
For the following experiments I set on the ASA the following PSKs: local: 123, remote: 321