You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2020/07/05 17:47:03 UTC
[GitHub] [cloudstack] ibragullam commented on issue #3138: StrongSwan with several rightsubnet's - ikev1
ibragullam commented on issue #3138:
URL: https://github.com/apache/cloudstack/issues/3138#issuecomment-653917988
hi there am trying to configure site to site vpn tunnel from my centos 7 cloud server to my Cisco asa device by using Strongswan but am keep getting this output someone help me am stuck here for weeks
root@imart-linux ibragullam]# strongswan statusall
Status of IKE charon daemon (strongSwan 5.7.2, Linux 3.10.0-1127.13.1.el7.x86_64, x86_64):
uptime: 3 hours, since Jul 05 13:02:21 2020
malloc: sbrk 1724416, mmap 0, used 625376, free 1099040
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 19
loaded plugins: charon pkcs11 tpm aesni aes des rc2 sha2 sha1 md4 md5 mgf1 random nonce x509 revocation constrain
ts acert pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl gcrypt fips-prf gmp curve25519 chapoly xcbc
cmac hmac ctr ccm gcm curl attr kernel-netlink resolve socket-default farp stroke vici updown eap-identity eap-sim
eap-aka eap-aka-3gpp eap-aka-3gpp2 eap-md5 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xa
uth-generic xauth-eap xauth-pam xauth-noauth dhcp led duplicheck unity counters
Listening IP addresses:
10.128.0.8
Connections:
imart-to-ASA5500: %any...41.204.128.170 IKEv1, dpddelay=300s
imart-to-ASA5500: local: [34.71.172.92] uses pre-shared key authentication
imart-to-ASA5500: remote: [41.204.128.170] uses pre-shared key authentication
imart-to-ASA5500: child: 10.128.0.8/32 === dynamic TUNNEL, dpdaction=clear
add_ASA5500_sub0: %any...41.204.152.238 IKEv1, dpddelay=300s
add_ASA5500_sub0: local: [34.71.172.92] uses pre-shared key authentication
add_ASA5500_sub0: remote: [41.204.152.238] uses pre-shared key authentication
add_ASA5500_sub0: child: 10.128.0.8/32 === 41.204.152.238/32[0/10501] TUNNEL, dpdaction=clear
add_ASA5500_sub1: %any...41.204.152.232 IKEv1, dpddelay=300s
add_ASA5500_sub1: local: [34.71.172.92] uses pre-shared key authentication
add_ASA5500_sub1: remote: [41.204.152.232] uses pre-shared key authentication
add_ASA5500_sub1: child: 10.128.0.8/32 === 41.204.152.232/32[0/vcom-tunnel] TUNNEL, dpdaction=clear
Security Associations (1 up, 2 connecting):
imart-to-ASA5500[667]: ESTABLISHED 14 seconds ago, 10.128.0.8[34.71.172.92]...41.204.128.170[41.204.128.170]
imart-to-ASA5500[667]: IKEv1 SPIs: 1ac345a770ba5de9_i* 0711bd6acb769aea_r, rekeying disabled
imart-to-ASA5500[667]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
imart-to-ASA5500[667]: Tasks queued: QUICK_MODE ISAKMP_DPD
imart-to-ASA5500[667]: Tasks active: MODE_CONFIG
add_ASA5500_sub1[3]: CONNECTING, 10.128.0.8[%any]...41.204.152.232[%any]
add_ASA5500_sub1[3]: IKEv1 SPIs: e8ee158c44b97ca0_i* 0000000000000000_r
add_ASA5500_sub1[3]: Tasks queued: QUICK_MODE
add_ASA5500_sub1[3]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD
add_ASA5500_sub0[2]: CONNECTING, 10.128.0.8[%any]...41.204.152.238[%any]
add_ASA5500_sub0[2]: IKEv1 SPIs: a95e5608ea7ba613_i* 0000000000000000_r
add_ASA5500_sub0[2]: Tasks queued: QUICK_MODE
add_ASA5500_sub0[2]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD
![github](https://user-images.githubusercontent.com/29119611/86538759-a35e6880-bf00-11ea-8a77-917a2d362788.PNG)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org