Bug #4719
Updated by Chris Buechler about 8 years ago
Affected version is 2.2.2 and 2.2.3. IKEv2 to Cisco ASA won't come up when initiation is triggered by traffic matching the P2. It results in the following on the ASA. <pre> Local:172.27.44.49:500 Remote:172.27.44.26:500 Username:172.27.44.26 IKEv2 Tunnel rejected: Crypto Map Policy not found for remote traffic selector 192.168.152.0/192.168.152.255/0/65535/0 local traffic selector 192.168.25.0/192.168.25.255/0/65535/0! </pre> But if you run 'ipsec up con1', it comes up and works fine. It also rekeys fine on its own. Downgrading the system to 2.2.1 fixes the issue. strongswan going from 5.2.1 to 5.3.0 is the significant difference between those versions, but strongswan 5.3.0 on Linux does not exhibit the same problem.