Hi,
I've tried to connect with a Cisco VPN Client to the ASG with X.509 certs. Unfortunately this doesnt work, because of the fact the client's IKE implementation is slightly different than the one ASG's StrongSWAN is using. I'm getting the following log entry (not error, because StrongSWAN is following the RFC I believe) :
2008:04:07-23:55:22 (none) pluto[2875]: packet from xx.xx.xx.xx:49545: size (1160) differs from size specified in ISAKMP HDR (1144)
I've managed the dig up an old article in which it's explained that StrongSWAN should be compiled with a specific option enabling Cisco VPN clients to connect :
./configure --enable-cisco-quirks
When succesfully connecting you would end up with the following log entry :
May 11 14:07:43 lumberjack pluto[16813]: packet from 123.123.123.123:500: Cisco VPN client appends 16 surplus NULL bytes
Unfortunately the log entry above isn't mine :-( otherwise I wouldnt make this post.
My Q:
Is there any way that this option gets enabled in ASG ?!?!?
Or will I be forced to use multiple VPN clients for different VPN gateways ?
Thanks in advance,
Bram van den Hout
Source :
https://lists.strongswan.org/pipermail/users/2007-May/001804.html
This thread was automatically locked due to age.
