© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
All,
I'm working on getting my Ubuntu 10.04 (Core2Duo Platform, AMD/x64 Installlation) talking to my CISCO backend (ASA5540, 8.05 Firmware) since the beginning of the week. What I can confirm after successful testing is that the P2 re-key mechanisms are working fine with 0.5.3r449-2.1 (i.e. re-key on time AND data is definitely working). However, the P1 re-key isn't working and I'm dropped out immediately.
With 0.5.3r449-2 I was witnessing constant (and unfortunately unsuccessful) P2 re-key attempts which ultimately lead into the tear-down of the tunnel as too many unauthenticated ESP frames hit the ASA. I'm unsure if the P1 re-key problem existed as well as the P1 proposal usually has got a longer lifetime than the P2 proposal.
I agree with Cashy that this has to be flagged as open, however not within the original context as this isn't affecting the IPSEC SA anymore. The problem seems to be within the IKE SA (maybe ISAKMP).
Thanks & regards,
Markus