LINUX.ORG.RU

strongswan IPSec подключение к cisco

 


0

1

Нужно организовать туннель между сетями.

Пытаюсь подключиться со своего шлюза на линуксе XX.XX.XX.XX

Перерыл горы примеров, Признаюсь, уже сам запутался.

Извиняюсь, если где недопонимаю.

Дали следующие параметры для подключения.

crypto isakmp policy 20

encr 3des

authentication pre-share

group 2

lifetime 28800

password XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

crypto ipsec transform-set ESP_3DES_SHA1 esp-3des esp-sha-hmac

mode tunnel

#-------------------------------------------------------------

Как я понял, это циска

#-------------------------------------------------------------

ipsec.conf:

config setup

conn vpn-connect

keyexchange=ikev1

type=tunnel

authby=secret

ike=3des-sha1-modp1024!

esp=3des-sha1!

left=XX.XX.XX.XX

leftid=XX.XX.XX.XX

right=YY.YY.YY.YY

keylife=8h

auto=start

#-------------------------------------------------------------

# ipcec up vpn-connect

initiating Main Mode IKE_SA vpn-connect[2] to YY.YY.YY.YY

generating ID_PROT request 0 [ SA V V V V V ]

sending packet: from XX.XX.XX.XX[500] to YY.YY.YY.YY[500] (176 bytes) received packet: from YY.YY.YY.YY[500] to XX.XX.XX.XX[500] (100 bytes) parsed ID_PROT response 0 [ SA V ]

received NAT-T (RFC 3947) vendor ID

generating ID_PROT request 0 [ KE No NAT-D NAT-D ]

sending packet: from XX.XX.XX.XX[500] to YY.YY.YY.YY[500] (244 bytes) received packet: from YY.YY.YY.YY[500] to XX.XX.XX.XX[500] (304 bytes) parsed ID_PROT response 0 [ KE No V V V V NAT-D NAT-D ]

received Cisco Unity vendor ID

received DPD vendor ID

received unknown vendor ID: 53:59:33:6f:6f:2f:c1:1b:83:b4:73:33:4a:21:6e:71 received XAuth vendor ID

generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]

sending packet: from XX.XX.XX.XX[500] to YY.YY.YY.YY[500] (100 bytes) received packet: from YY.YY.YY.YY[500] to XX.XX.XX.XX[500] (68 bytes) parsed ID_PROT response 0 [ ID HASH ]

IKE_SA vpn-connect[2] established between XX.XX.XX.XX[XX.XX.XX.XX]...YY.YY.YY.YY[YY.YY.YY.YY] scheduling reauthentication in 10174s

maximum IKE_SA lifetime 10714s

generating QUICK_MODE request 1234054808 [ HASH SA No ID ID ]

sending packet: from XX.XX.XX.XX[500] to YY.YY.YY.YY[500] (172 bytes) received packet: from YY.YY.YY.YY[500] to XX.XX.XX.XX[500] (84 bytes) parsed INFORMATIONAL_V1 request 2531360416 [ HASH N(NO_PROP) ]

received NO_PROPOSAL_CHOSEN error notify

establishing connection 'vpn-connect' failed

#-------------------------------------------------------------

Помогите натроить. Готов даже отблагодарить.