[Openswan Users] Re: aggressive mode to Cisco 3000
David Edmondson
dme at dme.org
Wed Dec 15 09:36:23 CET 2004
* ken at xelerance.com [2004-12-14 19:48:15]
> I suspect the phase 2 proposals don't match, since the Cisco is
> proposing something odd (17/0) and we aren't doing that.
>
> Perhaps adding leftprotoport=17/0 and/or rightprotoport=17/0 might
> make it happier.
It seems that the proto has to be the same for both left and right,
else whack complains. I tried 17/0, 0/0 and 17/500 (for both left and
right), but none of them seemed to help :-)
Turning on some more debugging reveals that after:
"vpngw" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+MODECFGPULL+AGGRESSIVE {using isakmp#1}
almost immediately (within 2 seconds) there is:
"vpngw" #1: received Delete SA payload: deleting ISAKMP State #1
Is that to be expected? It doesn't _sound_ good.
dme.
More information about the Users
mailing list