Hi all,
I need this as soon as possible to solve it or at least to find out what is the problem.
I have configured IPSec tunnels with Openswan and Cisco ASA, i have established a connection and the ping was fine, but after some time there is request time out from both sites. I don't have ASA access but its default IPSec configuration,this is the openswan conf parameters.
received Delete SA(0x937bbc29) payload: deleting IPSEC State #5
received and ignored informational message
received Delete SA(0x55f62168) payload: deleting IPSEC State #8
received and ignored informational message
Also i like to put some more logging/debuging so i can have more info but can't find any good example or doc. on how to.
And i have the following doc. on Phase 1 and 2
Code:
Encryption Algorithm 3DES
Hash Algorithm SHA1
Authentication method Preshare
Diffie Hellman Group Group 2
Lifetime (Key) 28800
Use NAT traversal No
Use PFS No
Encapsulation ESP
Encryption Algorithm 3DES
Hash Algorithm SHA1
Lifetime (Key) 28800
Any solution or hints or some parameters that I'm missing ?
Moderator's Comments:
Please use code tags next time for your code and data, not QUOTE Thanks
Hi,
I am trying to establish vpn between my linux server and cisco asa at client side.
I installed openswan on my cent os.
Linux Server
eth0 - 182.2.29.10
Gateway - 182.2.29.1
eth1 - 192.9.200.75
I have simple IPtables Like
WAN="eth0"
LAN="eth1" (0 Replies)
Is there an easy way to stack Cisco 2960-S and Cisco 2960X switches? If you have no idea, follow this:
1. Stacking is not supported on switches running the LAN Lite image. All switches in the stack must be running the LAN Base image.
2. In a mixed stack of Catalyst 2960-X and Catalyst 2960-S... (0 Replies)
Hi all,
I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side (... (4 Replies)
Hi,I want connect my ASA 5510 firewall to a 3750 switch with RIP routing. Unfortunately,I am having issues passing the VPN subnet through rip to the 3750.I don't understand how the routing table is populated on the ASA. Any suggestions? (0 Replies)
Discussion started by: Ayaerlee
0 Replies
LEARN ABOUT X11R4
in.iked
in.iked(1M) System Administration Commands in.iked(1M)NAME
in.iked - daemon for the Internet Key Exchange (IKE)
SYNOPSIS
/usr/lib/inet/in.iked [-d] [-f filename] [-p level]
/usr/lib/inet/in.iked -c [-f filename]
DESCRIPTION
in.iked performs automated key management for IPsec using the Internet Key Exchange (IKE) protocol.
in.iked implements the following:
o IKE authentication with either pre-shared keys, DSS signatures, RSA signatures, or RSA encryption.
o Diffie-Hellman key derivation using either 768, 1024, or 1536-bit public key moduli.
o Authentication protection with cipher choices of DES, Blowfish, or 3DES, and hash choices of either HMAC-MD5 or HMAC-SHA-1. Encryption
in in.iked is limited to the IKE authentication and key exchange. See ipsecesp(7P) for information regarding IPsec protection
choices.
in.iked starts at boot time if the /etc/inet/ike/config file exists. See ike.config(4) for the format of this file.
in.iked listens for incoming IKE requests from the network and for requests for outbound traffic using the PF_KEY socket. See pf_key(7P).
in.iked has two support programs that are used for IKE administration and diagnosis: ikeadm(1M) and ikecert(1M).
The SIGHUP signal causes the IKE daemon to read /etc/inet/ike/config and reload the certificate database. SIGHUP is equivalent to using
ikeadm(1M) to read the /etc/inet/ike/config file as a rule, for example:
example# ikeadm read rule /etc/inet/ike/config
OPTIONS
The following options are supported:
-c Check the syntax of a configuration file.
-d Use debug mode. The process stays attached to the controlling terminal and produces large amounts of debugging output.
-f filename Use filename instead of /etc/inet/ike/config. See ike.config(4) for the format of this file.
-p level Specify privilege level (level). This option sets how much ikeadm(1M) invocations can change or observe about the running
in.iked.
Valid levels are:
0 Base level
1 Access to preshared key info
2 Access to keying material
If -p is not specified, level defaults to 0.
SECURITY
This program has sensitive private keying information in its image. Care should be taken with any core dumps or system dumps of a running
in.iked daemon, as these files contain sensitive keying information. Use the coreadm(1M) command to limit any corefiles produced by
in.iked.
FILES
/etc/inet/ike/config
/etc/inet/secret/ike.privatekeys/*
Private keys. A private key must have a matching public-key certificate with the same filename in /etc/inet/ike/publickeys/.
/etc/inet/ike/publickeys/*
Public-key certificates. The names are only important with regard to matching private key names.
/etc/inet/ike/crls/*
Public key certificate revocation lists.
/etc/inet/secret/ike.preshared
IKE pre-shared secrets for Phase I authentication.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWcsu |
+-----------------------------+-----------------------------+
SEE ALSO coreadm(1M), ikeadm(1M), ikecert(1M), ike.config(4), attributes(5), ipsecesp(7P)
Harkins, Dan and Carrel, Dave. RFC 2409, Internet Key Exchange (IKE). Network Working Group. November 1998.
Maughan, Douglas, Schertler, M., Schneider, M., Turner, J. RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP).
Network Working Group. November 1998.
Piper, Derrell, RFC 2407, The Internet IP Security Domain of Interpretation for ISAKMP. Network Working Group. November 1998.
SunOS 5.10 11 Jun 2003 in.iked(1M)
11-06-2014
