Bug #4719

Updated by Chris Buechler over 8 years ago

Affected version is 2.2.2 and 2.2.3.  

 IKEv2 to Cisco ASA won't come up when initiation is triggered by traffic matching the P2. It results in the following on the ASA.  

 Local: Remote: Username: IKEv2 Tunnel rejected: Crypto Map Policy not found for remote traffic selector local traffic selector! 

 But if you run 'ipsec up con1', it comes up and works fine. It also rekeys fine on its own.  

 Downgrading the system to 2.2.1 fixes the issue. strongswan going from 5.2.1 to 5.3.0 is the significant difference between those versions, but strongswan 5.3.0 on Linux does not exhibit the same problem.