I'm setting up a site-to-site tunnel between a cisco2911 and Centos7 running strongswan
Configs:
XXXX - public ip cisco
YYYY - public ip Linux
Strongswan
conn cisco
    type=tunnel #IPSec Type: Tunnel
    authby=secret #Authentication via Shared Secret
    left=%defaultroute #strongswan outside address
    leftsubnet=10.0.1.6/32 #Local Subnets being Tunneled
    leftid=YYYY #Connection PublicIP (OtherPartyConnectionId)
    right=XXXX #Remote Participant PublicIP
    rightsubnet=10.0.1.5/32 #Remote Subnets being Tunneled
    rightid=XXXX #IKEID sent by IOS
    auto=start
    compress = yes
    ike=3des-md5-modp1024! #IKE Phase 1 Algorithm
    # esp=3des-md5-modp1024!
    esp=aes192gcm16-aes128gcm16-ecp256-modp3072,aes256-sha256
    mark=%unique
    ikelifetime=28800
    keyingtries=%forever #Attempts to Negotiate a Connection
    #keylife=59m
    #rekeymargin=3m
    leftprotoport=47
    rightprotoport=47
    rekey=yes #Enable Rekeying
    keyexchange=ikev1
    dpdtimeout=10 #Dead Peer Detection Timeout
    dpddelay=3 #Dead Peer Detection Delay
cisco
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key <<key>> address YYYY
!
!
crypto ipsec transform-set 1DES ah-md5-hmac esp-3des esp-md5-hmac
 mode tunnel
!
crypto ipsec profile IPSEC
 set security-association lifetime seconds 28800
 set transform-set 1DES
 set pfs group2
!
!
!
!
!
!
!
!
interface Tunnel1
 description Virtual
 ip address 10.0.1.5 255.255.255.252
 ip mtu 1400
 tunnel source XXXX
 tunnel destination YYYY
 tunnel protection ipsec profile IPSEC
charon[6358]: 11[ENC] generating QUICK_MODE request 945195132 [ HASH SA No KE ID ID ]
charon[6358]: 11[NET] sending packet: from YYYY[500] to XXXX[500] (300 bytes)
charon[6358]: 12[NET] received packet: from XXXX[500] to YYYY[500] (84 bytes)
charon[6358]: 12[ENC] parsed INFORMATIONAL_V1 request 2917458150 [ HASH N(NO_PROP) ]
charon[6358]: 12[IKE] received NO_PROPOSAL_CHOSEN error notify
charon[6358]: 13[NET] received packet: from XXXX[500] to YYYY[500] (164 bytes)
charon[6358]: 13[ENC] parsed QUICK_MODE request 3649755865 [ HASH SA No ID ID ]
charon[6358]: 13[IKE] no matching CHILD_SA config found for XXXX/32[gre] === YYYY/32[gre]
charon[6358]: 13[ENC] generating INFORMATIONAL_V1 request 3185025512 [ HASH N(INVAL_ID) ]
charon[6358]: 13[NET] sending packet: from YYYY[500] to XXXX[500] (68 bytes)
received HASH payload does not match
Could someone tell me how the Cisco and Linux (strongSwan) proposals correspond to each other?
Please help, I've even tried racoon already
The Linux box is at Hetzner
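
The post asks how the Cisco and strongSwan proposals correspond. As an added example (not part of the original post), the script below translates the IOS crypto keywords from the config above into strongSwan ike=/esp=/ah= notation and compares them literally with the active esp= line. The keyword tables cover only a subset, and the names translate and offered are hypothetical.

```python
import re
# Cisco IOS keyword -> strongSwan proposal keyword (a subset, enough for this post)
ENC = {"des": "des", "3des": "3des", "aes": "aes128", "aes 192": "aes192", "aes 256": "aes256"}
HASH = {"md5": "md5", "sha": "sha1", "sha256": "sha256", "sha384": "sha384", "sha512": "sha512"}
GROUP = {"1": "modp768", "2": "modp1024", "5": "modp1536", "14": "modp2048", "19": "ecp256"}
# Crypto-relevant lines copied from the Cisco config in the post
IOS_FROM_POST = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 group 2
crypto ipsec transform-set 1DES ah-md5-hmac esp-3des esp-md5-hmac
crypto ipsec profile IPSEC
 set pfs group2
"""
ESP_FROM_POST = "aes192gcm16-aes128gcm16-ecp256-modp3072,aes256-sha256"  # active esp= line

def translate(ios_config):
    """Map one ISAKMP policy + transform-set + PFS group to ike=/esp=/ah= strings.
    AH is returned separately: ipsec.conf takes either ah= or esp=, not an AH+ESP bundle."""
    v = dict.fromkeys(("enc", "hash", "group", "pfs", "esp_enc", "esp_int", "ah_int"))
    for line in map(str.strip, ios_config.splitlines()):
        if m := re.fullmatch(r"encr(?:yption)? (.+)", line):
            v["enc"] = ENC[m.group(1)]
        elif m := re.fullmatch(r"hash (\S+)", line):
            v["hash"] = HASH[m.group(1)]
        elif m := re.fullmatch(r"group (\d+)", line):
            v["group"] = GROUP[m.group(1)]
        elif m := re.fullmatch(r"set pfs group(\d+)", line):
            v["pfs"] = GROUP[m.group(1)]  # PFS group becomes the DH suffix of esp=/ah=
        elif line.startswith("crypto ipsec transform-set "):
            transforms = " ".join(line.split()[4:])  # skip the transform-set name
            for proto, name, hmac, bits in re.findall(
                    r"(ah|esp)-([a-z0-9]+)(-hmac)?(?: (\d+))?", transforms):
                if hmac:   # integrity transform, e.g. esp-md5-hmac or ah-md5-hmac
                    v[proto + "_int"] = HASH[name]
                else:      # encryption transform, e.g. esp-3des or "esp-aes 256"
                    v["esp_enc"] = ENC[f"{name} {bits}".strip()]
    join = lambda *parts: "-".join(p for p in parts if p) or None
    return {"ike": join(v["enc"], v["hash"], v["group"]),
            "esp": join(v["esp_enc"], v["esp_int"], v["pfs"]),
            "ah": join(v["ah_int"], v["pfs"]) if v["ah_int"] else None}

def offered(value):
    """Split a strongSwan ike=/esp= value into proposals (trailing '!' = strict)."""
    return [p.strip() for p in value.rstrip("!").split(",")]

if __name__ == "__main__":
    want = translate(IOS_FROM_POST)
    print(want, "| esp offered by strongSwan:", want["esp"] in offered(ESP_FROM_POST))
```

For the config in the post this gives ike and esp both as 3des-md5-modp1024, plus an AH transform (md5); the active esp= line offers neither, which is consistent with the NO_PROPOSAL_CHOSEN notify in the log.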