ignoring informational payload, type INVALID_COOKIE msgid=00000000
- by user197279
I'm configuring a site-to-site vpn between openswan ipsec and cisco asa 5540. After the step, i started ipesc service but the error i'm seeing is:
ignoring informational payload, type INVALID_COOKIE msgid=00000000
Nov 5 09:42:30 pluto[11712]: "myVPN" #1: received and ignored informational message
Nov 5 09:42:51 pluto[11712]: "myVPN" #1: ignoring informational payload, type INVALID_COOKIE msgid=00000000
Nov 5 09:42:51 pluto[11712]: "myVPN" #1: received and ignored informational message
Nov 5 09:43:30 pluto[11712]: "myVPN" #1: max number of retransmissions (2) reached STATE_MAIN_I2
Nov 5 09:43:30 pluto[11712]: "myVPN" #1: starting keying attempt 2 of at most 3
Any advise why I'm getting this error on openswan?
Also sudo ipsec whack --status gives:
"myVPN": 10.0.xx.0/24===10.0.7x.x[54.209.y.yyy,+S=C]---10.0.xx.x...10.0.70.x---41.22x.4.xx<41.22x.4.xx[+S=C]===41.22y.4.yyy/32; unrouted; eroute owner: #0
000 "myVPN": myip=54.209.zz.zz; hisip=unset;
000 "myVPN": ike_life: 86400s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "myVPN": policy: PSK+ENCRYPT+TUNNEL+DONTREKEY+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,32; interface: eth0;
000 "myVPN": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "myVPN": IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)_000-MODP1024(2); flags=-strict
000 "myVPN": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-MODP1024(2)
000 "myVPN": ESP algorithms wanted: AES(12)_256-SHA1(2)_000; flags=-strict
000 "myVPN": ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000
000 #5: "myVPN":500 STATE_MAIN_I2 (sent MI2, expecting MR2); EVENT_RETRANSMIT in 8s; nodpd; idle; import:admin initiate
000 #5: pending Phase 2 for "myVPN" replacing #0
Thanks.
