1. Home
  2. Cisco Systems
  3. IPSec tunnel between ASA and *BSD

IPSec tunnel between ASA and *BSD

Hi,

I'm trying to stup a simple l2l ipsec tunnel. nothing special. No problem when behind ASA is Cisco router. I have to set it up to *BSD system debug log shows as on the bottom. Anyone knows where should I look for a problem?

May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, Oakley proposal is acceptable May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, processing VID payload May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, Received DPD VID May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, constructing ke payload May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, constructing nonce payload May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, constructing Cisco Unity VID payload May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, constructing xauth V6 VID payload May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, Send IOS VID May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001) May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, constructing VID payload May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, Send Altiga/Cisco VPN3000/Cisco ASA GW VID May 26 18:50:53 [IKEv1]: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 256 May 26 18:50:53 [IKEv1]: IP = X.X.X.X, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NONE (0) total length : 180 May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, processing ke payload May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, processing ISA_KE payload May 26 18:50:53 [IKEv1 DEBUG]: IP = X.X.X.X, processing nonce payload May 26 18:50:53 [IKEv1]: IP = X.X.X.X, Connection landed on tunnel_group X.X.X.X May 26 18:50:53 [IKEv1 DEBUG]: Group = X.X.X.X, IP = X.X.X.X, Generating keys for Initiator... May 26 18:50:53 [IKEv1 DEBUG]: Group = X.X.X.X, IP = X.X.X.X, constructing ID payload May 26 18:50:53 [IKEv1 DEBUG]: Group = X.X.X.X, IP = X.X.X.X, constructing hash payload May 26 18:50:53 [IKEv1 DEBUG]: Group = X.X.X.X, IP = X.X.X.X, Computing hash for ISAKMP May 26 18:50:53 [IKEv1 DEBUG]: Group = X.X.X.X, IP = X.X.X.X, constructing dpd vid payload May 26 18:50:53 [IKEv1]: IP = X.X.X.X, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 107 May 26 18:50:54 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0 May 26 18:50:54 [IKEv1]: Group = X.X.X.X, IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete. May 26 18:50:55 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0 May 26 18:50:55 [IKEv1]: Group = X.X.X.X, IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete. May 26 18:50:56 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0 May 26 18:50:56 [IKEv1]: Group = X.X.X.X, IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete. May 26 18:50:57 [IKEv1 DEBUG]: Pitcher: received a key acquire message, spi 0x0 May 26 18:50:57 [IKEv1]: Group = X.X.X.X, IP = X.X.X.X, Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete.

br

Reply to
m.mazurek
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.