<div id="RTEContent"><br> Hi all,<br> <br> I'm stuck here in trying to make openswan connect to a netscreen 5xt appliance. Phase 1 is being accomplished, but fails on Phase 2 with the netscreen log indicating "IKE&lt;w.x.y.z&gt; Phase 2: Rejected proposals from peer. Negotiations failed."<br> <br> My ipsec.conf:<br> <br> conn weroam01<br> auto=add<br> pfs=yes<br> authby=secret<br> keyingtries=3<br> aggrmode=yes<br> ike=3des-sha1-modp1024<br> #<br> # left side = local<br> left=%defaultroute<br>
leftsubnet=192.168.2.0/24<br> leftid=@road.warrior<br> #<br> # right side = netscreen<br> right=a.b.c.d<br> rightsubnet=10.200.2.0/24<br> rightid=@head.office<br> <br> <br> From the netscreen webui, here are the acceptable proposals:<br> <br> <table class="center" border="1" cellpadding="4" cellspacing="0" width="100%"> <tbody><tr class="title"><th>Name</th> <th>PFS</th> <th>Encap.</th> <th>Encrypt/Auth</th> <th>Life Time</th> <th>Life Size</th> <th colspan="2">Configure</th> </tr> <tr> <td class="center">nopfs-esp-des-md5</td> <td class="center">No PFS</td> <td class="center">ESP</td> <td class="center">DES/MD5</td> <td class="center">3600</td> <td class="center">0</td> <td class="center" colspan="2">
</td></tr> <tr> <td class="center">nopfs-esp-des-sha</td> <td class="center">No PFS</td> <td class="center">ESP</td> <td class="center">DES/SHA</td> <td class="center">3600</td> <td class="center">0</td> <td class="center" colspan="2"> </td></tr> <tr> <td class="center">nopfs-esp-3des-md5</td> <td class="center">No PFS</td> <td class="center">ESP</td> <td class="center">3DES/MD5</td> <td class="center">3600</td> <td class="center">0</td> <td class="center" colspan="2"> </td></tr> <tr> <td class="center">nopfs-esp-3des-sha</td> <td class="center">No PFS</td> <td class="center">ESP</td> <td class="center">3DES/SHA</td> <td class="center">3600</td> <td class="center">0</td> <td class="center" colspan="2"> </td></tr> <tr> <td class="center">nopfs-esp-aes128-md5</td> <td class="center">No PFS</td> <td class="center">ESP</td> <td class="center">AES128/MD5</td> <td class="center">3600</td> <td class="center">0</td> <td
class="center" colspan="2"> </td></tr> <tr> <td class="center">nopfs-esp-aes128-sha</td> <td class="center">No PFS</td> <td class="center">ESP</td> <td class="center">AES128/SHA</td> <td class="center">3600</td> <td class="center">0</td> <td class="center" colspan="2"> </td></tr> <tr> <td class="center">g2-esp-des-md5</td> <td class="center">DH Group 2</td> <td class="center">ESP</td> <td class="center">DES/MD5</td> <td class="center">3600</td> <td class="center">0</td> <td class="center" colspan="2"> </td></tr> <tr> <td class="center">g2-esp-des-sha</td> <td class="center">DH Group 2</td> <td class="center">ESP</td> <td class="center">DES/SHA</td> <td class="center">3600</td> <td class="center">0</td> <td class="center" colspan="2"> </td></tr> <tr> <td class="center">g2-esp-3des-md5</td> <td class="center">DH Group 2</td> <td class="center">ESP</td> <td class="center">3DES/MD5</td> <td class="center">3600</td> <td
class="center">0</td> <td class="center" colspan="2"> </td></tr> <tr> <td class="center">g2-esp-3des-sha</td> <td class="center">DH Group 2</td> <td class="center">ESP</td> <td class="center">3DES/SHA</td> <td class="center">3600</td> <td class="center">0</td> <td class="center" colspan="2"> </td></tr> <tr> <td class="center">g2-esp-aes128-md5</td> <td class="center">DH Group 2</td> <td class="center">ESP</td> <td class="center">AES128/MD5</td> <td class="center">3600</td> <td class="center">0</td> <td class="center" colspan="2"> </td></tr> <tr> <td class="center">g2-esp-aes128-sha</td> <td class="center">DH Group 2</td> <td class="center">ESP</td> <td class="center">AES128/SHA</td> <td class="center">3600</td> <td class="center">0</td> <td class="center" colspan="2"> </td></tr></tbody> </table> <br> <br> Any help is greatly appreciated.<br> <br> Thanks in advance.<br> <br> <br> --- mike t.<br> </div>