Run isakmpd with "-L" and then tcpdump -n -vs 1440 -r /var/run/isakmpd.pcap and see what is going on.
//mxb

> On 7 apr 2015, at 19:29, jean-yves boisiaud <[email protected]> wrote:
>
> Hello Alexander,
>
> Thank you for your help.
>
> The problem is that I do not have any access to the Cisco configurations.
>
> 2015-04-07 19:10 GMT+02:00 Alexander Salmin <[email protected]>:
>
>> Hey,
>>
>> Based on my experience you could try three things:
>> - Provide us with the Cisco configuration on that side.
>> - Use packet-tracer from the cisco device, it's really helpful in these
>>   situations.
>> - Verify every little bit of configuration on both sides so that they are
>>   exactly the same.
>>
>> Alexander Salmin
>>
>> On 2015-04-07 16:28:00, jean-yves boisiaud wrote:
>>> hello,
>>>
>>> I'm using IPSec with OpenBSD.
>>>
>>> I cannot connect with some Cisco appliances, a Cisco Asa and a Cisco 2951.
>>>
>>> For these two Cisco gw, I can see in the log the same messages:
>>>
>>> Apr 7 16:10:00 billy isakmpd[31908]: isakmpd: phase 1 done: initiator id X, responder id Y, src: X dst: Y
>>> Apr 7 16:10:00 billy isakmpd[31908]: isakmpd: Peer Y made us delete live SA peer-Y-local-X for proto 1, initiator id: X, responder id: Y
>>>
>>> As the remote IT engineers wanted me to enable DPD, I changed the ipsec
>>> configuration from active to dynamic, but nothing changes.
>>>
>>> Is there something wrong in my configuration?
>>>
>>> ike dynamic esp from 192.168.36.0/24 to 10.0.0.0/8 \
>>>     local X peer Y \
>>>     main auth hmac-md5 enc 3des group grp2 lifetime 28800 \
>>>     quick auth hmac-sha1 enc 3des group grp2 lifetime 28800 \
>>>     srcid "X" dstid "Y" \
>>>     psk "z"
>>>
>>> --
>>> Jean-Yves Boisiaud - Alcor Consulting
>>> 24, rue de la Glycine
>>> 49250 Saint Remy la Varenne
>>> mobile : +33 6 63 71 73 46 fixe : +33 9 72 41 19 35
>>
>
> --
> Jean-Yves Boisiaud - Alcor Consulting
> 24, rue de la Glycine
> 49250 Saint Remy la Varenne
> mobile : +33 6 63 71 73 46 fixe : +33 9 72 41 19 35

