Questions tagged [isakmp]

ISAKMP (Internet Security Association and Key Management Protocol) is part of the IPsec suite.

It is used to negotiate the encryption and other parameters used to authenticate remote peers, and to establish a secure channel in an IPsec VPN.

12 questions

4 votes, 1 answer

Is there a way of setting an MTU lower for traffic destined to a specific IP address on Cisco ASA?

I have a number of VPN sites where the MTU is lower than standard (1500). I have had at least one site where fragmentation of packets has had an effect on the success of building an IPSEC tunnel. I am able to set the MTU on the equipment at the…
dunxd

3 votes, 1 answer

IKE Phase 1 Aggressive Mode exchange does not complete

I've configured a 3G IP Gateway of mine to connect using IKE Phase 1 Aggressive Mode with PSK to my openswan installation running on Ubuntu server 12.04. I've configured openswan as follows: /etc/ipsec.conf: version 2.0 config setup …
Isaac Sutherland

2 votes, 0 answers

Cisco ASA VPN DH Groups for AWS VPC

AWS provides a neat function in its VPC that exposes a VPN service. I've configured this, and confirmed that it functions. Our customer is using a Cisco 5500 Series ASA appliance to connect to the AWS VPN service. The FAQ provided by AWS describes…
belial

2 votes, 0 answers

What could cause racoonctl to show a Phase2 count higher than the number of ports racoon is listening on?

In my setup I have some EC2 instances in different regions linked by GRE tunnels, using ISAKMP via racoon. This setup is inherited, so bear with me if I fumble with terminology. Sometimes I get weird output from racoonctl -ll show-sa isakmp (pardon…
2rs2ts

2 votes, 3 answers

VLAN over VPN (ASA 5520)? If not, any other options available?

Is it possible to extend the local VLANs to a remote site connected by IPsec VPN using ASA 5520 / Cisco 1841 DSL router? Can we have many VPN tunnels between the ASAs (from every VLAN, one VPN each)? If not, any other options/combinations…
user204051

2 votes, 0 answers

ipsec IKE phase 1 failure

I have a wireless gateway that supports site-to-site IPSec. I have configured openswan on Ubuntu Server 12.04 (left side of the tunnel) with the following /etc/ipsec.conf: version 2.0 config setup nat_traversal=yes …
Isaac Sutherland

2 votes, 0 answers

Sending L2tp/IPsec PSK client packets to OpenSwan server

I'm trying (kind of) to create VPN client, I set my server on Ubuntu using OpenSwan (L2tp/IPsec PSK). What I'm doing right now is sending packets to my server and trying to exchange my keys with the server. And here is the thing I am confused about:…
Stigi

1 vote, 1 answer

Protecting wired LAN from packet sniffers

How does one encrypt traffic in a wired LAN segment? Can IPv6 in combination with IPsec be configured for IKE/ISAKMP authentication? Or will I drown in configuring appropriate IKE host-to-host rules for the ISAKMP? Or should I look towards 802.1X-2010…
P. D

1 vote, 1 answer

vpnc Debian configuration for ISAKMP

I need to connect a site-to-site VPN from my Debian server. I have hosts, peer and ISAKMP key. How should I configure vpnc to use ISAKMP? Or if you can point me to good vpnc documentation, which I wasn't able to find, or some other tutorial. All tutorials…
MySqlError

0 votes, 1 answer

Difference between ISAKMP exchange types IKE_SA_INIT and Identity Protection

I have some Wireshark traces to see how ISAKMP works. These traces were taken from peers when an IPsec tunnel is established. It seems that the traces display a different IPsec implementation. When IKE phase 1 takes place sometimes I see packets…
MABC

0 votes, 1 answer

User can access Windows based Apache sites but not Linux Apache server over site-to-site VPN

I have a user (Win 7 Pro 64-bit) in a satellite office (10.1.0.0/24) that is trying to access web services in our main office (10.0.0.0/16) over a site-to-site VPN between a Meraki MX60W and a Meraki MX80. They are able to access sites that are…
Dan

-2 votes, 3 answers

ISAKMP Allows Weak IPsec Encryption Settings (PCI compliance)

I am working on a client's PCI compliance. One of the failing items is: 3.1.5. ISAKMP Allows Weak IPsec Encryption Settings (ipsecweakencryptionsettings) The solution given is: "Modify the ISAKMP settings to only allow secure encryption algorithms…
Aegyptus