<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Paul, <br>
I tested with openswan 2.4.0 and now I get this:<br>
<br>
[root@bersol01 root]# ipsec auto --verbose --up ipsec01<br>
002 "ipsec01" #7: initiating Main Mode<br>
104 "ipsec01" #7: STATE_MAIN_I1: initiate<br>
002 "ipsec01" #7: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2<br>
106 "ipsec01" #7: STATE_MAIN_I2: sent MI2, expecting MR2<br>
003 "ipsec01" #7: received Vendor ID payload [Cisco-Unity]<br>
003 "ipsec01" #7: received Vendor ID payload [Dead Peer Detection]<br>
003 "ipsec01" #7: ignoring unknown Vendor ID payload
[56e1df652f29ef4f3ba996a2cb50d8de]<br>
003 "ipsec01" #7: received Vendor ID payload [XAUTH]<br>
002 "ipsec01" #7: I did not send a certificate because I do not have
one.<br>
002 "ipsec01" #7: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3<br>
108 "ipsec01" #7: STATE_MAIN_I3: sent MI3, expecting MR3<br>
003 "ipsec01" #7: Informational Exchange message is invalid because it
has a Message ID of 0<br>
010 "ipsec01" #7: STATE_MAIN_I3: retransmission; will wait 20s for
response<br>
003 "ipsec01" #7: Informational Exchange message is invalid because it
has a Message ID of 0<br>
<br>
It seems to be the same error. What parameter should the Cisco admin
check?<br>
Can I test first with Aggressive Mode and later with xauth?<br>
<br>
Thanks<br>
Oliver<br>
<br>
Paul Wouters wrote:
<blockquote cite="midPine.LNX.4.63.0511012347090.1099@tla.xelerance.com"
type="cite">
<pre wrap="">On Tue, 1 Nov 2005, Oliver Schulze L. wrote:
</pre>
<blockquote type="cite">
<pre wrap="">just for documentation, here is the error I get when connecting to the Cisco
router:
# ipsec auto --up ipsec1
104 "ipsec1" #1: STATE_MAIN_I1: initiate
106 "ipsec1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "ipsec1" #1: ignoring Vendor ID payload [Cisco-Unity]
003 "ipsec1" #1: received Vendor ID payload [Dead Peer Detection]
003 "ipsec1" #1: ignoring Vendor ID payload [9cc83e6429429743...]
003 "ipsec1" #1: received Vendor ID payload [XAUTH]
108 "ipsec1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "ipsec1" #1: encrypted Informational Exchange message is invalid because
it is for incomplete ISAKMP SA
010 "ipsec1" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "ipsec1" #1: encrypted Informational Exchange message is invalid because
it is for incomplete ISAKMP SA
010 "ipsec1" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
I'm not in the works of trying the new openswan 2.4.0 using the .rpms from
atrpms provided by Mitja
</pre>
</blockquote>
<pre wrap=""><!---->
Ask your Cisco administrator what the parameters of your connection should be.
It looks like you need XAUTH, see doc/XAUTH*. You might also need Aggressive mode.
Paul
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Oliver Schulze L.
<a class="moz-txt-link-rfc2396E" href="mailto:oliver@samera.com.py">&lt;oliver@samera.com.py&gt;</a></pre>
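<br>
Added example, not part of the original message and not Openswan code: a small Python helper that reads pluto output like the log above and reports the last state reached, whether the negotiation is stuck retransmitting, and whether the peer sent the XAUTH Vendor ID that Paul's reply points to. The function name triage and the report keys are made up for this illustration, and it assumes the text holds a single negotiation.<br>
<pre>
```python
import re

# Pluto output copied from the message above (wrapped lines re-joined, trimmed).
SAMPLE = '''\
104 "ipsec01" #7: STATE_MAIN_I1: initiate
002 "ipsec01" #7: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
106 "ipsec01" #7: STATE_MAIN_I2: sent MI2, expecting MR2
003 "ipsec01" #7: received Vendor ID payload [Cisco-Unity]
003 "ipsec01" #7: ignoring unknown Vendor ID payload [56e1df652f29ef4f3ba996a2cb50d8de]
003 "ipsec01" #7: received Vendor ID payload [XAUTH]
108 "ipsec01" #7: STATE_MAIN_I3: sent MI3, expecting MR3
003 "ipsec01" #7: Informational Exchange message is invalid because it has a Message ID of 0
010 "ipsec01" #7: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "ipsec01" #7: Informational Exchange message is invalid because it has a Message ID of 0
'''

# Status code, quoted connection name, SA number, then the message text.
LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')
# Only messages that start with a state name; "transition from ..." is skipped.
STATE = re.compile(r'^(STATE_[A-Z0-9_]+): ')
VENDOR = re.compile(r'^(received|ignoring)(?: unknown)? Vendor ID payload \[([^\]]+)\]')

def triage(text):
    """Summarise one negotiation (hypothetical helper, illustration only)."""
    rep = {"conn": None, "last_state": None, "vendor_ids": [],
           "retransmits": 0, "rejected": []}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a pluto status line
        conn, msg = m.group(2), m.group(4)
        rep["conn"] = conn
        state = STATE.match(msg)
        if state:
            rep["last_state"] = state.group(1)
        vid = VENDOR.match(msg)
        if vid:
            rep["vendor_ids"].append((vid.group(2), vid.group(1)))
        if "retransmission" in msg:
            rep["retransmits"] += 1
        if "Informational Exchange message is invalid" in msg:
            rep["rejected"].append(msg.split("because ", 1)[-1])
    rep["stalled"] = rep["retransmits"] != 0
    rep["peer_offers_xauth"] = ("XAUTH", "received") in rep["vendor_ids"]
    return rep

if __name__ == "__main__":
    print(triage(SAMPLE))
```
</pre>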
</body>
</html>