<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.10.1">
</HEAD>
<BODY>
Thanks for the quick response. Yes, I am getting the NO_PROPOSAL_CHOSEN both in the openswan machine and the pix router. What does that mean?<BR>
<BR>
Regards, Javi<BR>
<BR>
Log<BR>
--------------------------------------- <BR>
Jun 5 17:19:18 dmz pluto[7958]: | p15 state object #1 found, in STATE_MAIN_I4<BR>
Jun 5 17:19:18 dmz pluto[7958]: | processing connection ciemat<BR>
Jun 5 17:19:18 dmz pluto[7958]: | last Phase 1 IV: 84 f3 ab 64 03 0d ed d2<BR>
Jun 5 17:19:18 dmz pluto[7958]: | current Phase 1 IV: 84 f3 ab 64 03 0d ed d2<BR>
Jun 5 17:19:18 dmz pluto[7958]: | computed Phase 2 IV:<BR>
Jun 5 17:19:18 dmz pluto[7958]: | 6b b1 bb f7 05 63 d2 69 8c 75 ba 04 91 3a 5b 43<BR>
Jun 5 17:19:18 dmz pluto[7958]: | received encrypted packet from 192.101.166.131:500<BR>
Jun 5 17:19:18 dmz pluto[7958]: | decrypting 88 bytes using algorithm OAKLEY_3DES_CBC<BR>
Jun 5 17:19:18 dmz pluto[7958]: | decrypted:<BR>
Jun 5 17:19:18 dmz pluto[7958]: | next IV: 24 bf fc 05 ce cf 5f 79<BR>
Jun 5 17:19:18 dmz pluto[7958]: | ***parse ISAKMP Hash Payload:<BR>
Jun 5 17:19:18 dmz pluto[7958]: | next payload type: ISAKMP_NEXT_N<BR>
Jun 5 17:19:18 dmz pluto[7958]: | length: 20<BR>
Jun 5 17:19:18 dmz pluto[7958]: | ***parse ISAKMP Notification Payload:<BR>
Jun 5 17:19:18 dmz pluto[7958]: | next payload type: ISAKMP_NEXT_NONE<BR>
Jun 5 17:19:18 dmz pluto[7958]: | length: 64<BR>
Jun 5 17:19:18 dmz pluto[7958]: | DOI: ISAKMP_DOI_IPSEC<BR>
Jun 5 17:19:18 dmz pluto[7958]: | protocol ID: 3<BR>
Jun 5 17:19:18 dmz pluto[7958]: | SPI size: 4<BR>
Jun 5 17:19:18 dmz pluto[7958]: | Notify Message Type: NO_PROPOSAL_CHOSEN<BR>
Jun 5 17:19:18 dmz pluto[7958]: | removing 4 bytes of padding<BR>
Jun 5 17:19:18 dmz pluto[7958]: "lsk" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN<BR>
Jun 5 17:19:18 dmz pluto[7958]: | processing informational NO_PROPOSAL_CHOSEN (14)<BR>
Jun 5 17:19:18 dmz pluto[7958]: "lsk" #1: received and ignored informational message<BR>
Jun 5 17:19:18 dmz pluto[7958]: | complete state transition with STF_IGNORE<BR>
Jun 5 17:19:18 dmz pluto[7958]: | next event EVENT_RETRANSMIT in 9 seconds for #2<BR>
Jun 5 17:19:27 dmz pluto[7958]: |<BR>
Jun 5 17:19:27 dmz pluto[7958]: | *time to handle event<BR>
Jun 5 17:19:27 dmz pluto[7958]: | handling event EVENT_RETRANSMIT<BR>
Jun 5 17:19:27 dmz pluto[7958]: | event after this is EVENT_PENDING_PHASE2 in 97 seconds<BR>
Jun 5 17:19:27 dmz pluto[7958]: | processing connection lsk<BR>
Jun 5 17:19:27 dmz pluto[7958]: | handling event EVENT_RETRANSMIT for 192.101.166.131 "lsk" #2<BR>
Jun 5 17:19:27 dmz pluto[7958]: | sending 148 bytes for EVENT_RETRANSMIT through eth0:500 to a.b.c.d:500:<BR>
<BR>
On Mon, 05-06-2006 at 16:11 +0100, Brian Candler wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">On Mon, Jun 05, 2006 at 05:04:37PM +0200, Javier Perez-Griffo wrote:</FONT>
<FONT COLOR="#000000">> 117 "</FONT>lsk<FONT COLOR="#000000">" #2: STATE_QUICK_I1: initiate</FONT>
<FONT COLOR="#000000">> 010 "</FONT>lsk<FONT COLOR="#000000">" #2: STATE_QUICK_I1: retransmission; will wait 20s for</FONT>
<FONT COLOR="#000000">> response</FONT>
<FONT COLOR="#000000">When I've seen this it turned out that the far end didn't like our proposal</FONT>
<FONT COLOR="#000000">(e.g. disagreement on cipher or PFS settings, or on the protected subnets).</FONT>
<FONT COLOR="#000000">tcpdump -v may show a NO_PROPOSAL_CHOSEN informative message. Debugging on</FONT>
<FONT COLOR="#000000">the Cisco side will give you more detailed information: in IOS it's</FONT>
<FONT COLOR="#000000"> debug crypto isakmp</FONT>
<FONT COLOR="#000000">but I expect there's something similar on the PIX.</FONT>
<FONT COLOR="#000000">HTH,</FONT>
<FONT COLOR="#000000">Brian.</FONT>
</PRE>
</BLOCKQUOTE>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
<PRE>
--
+----------------------------------------------------+
Javier Perez-Griffo Callejon
Network & Security Administrator
CETA-lsk
Paseo Ruiz de Mendoza, nº 8
10200 Trujillo(Caceres), Spain
Tel: +34 927321934
Email: <A HREF="mailto:Javier.Perez-Griffo@ciemat.es">Javier.Perez-Griffo@</A>lsk<A HREF="mailto:Javier.Perez-Griffo@ciemat.es">.es</A>
+----------------------------------------------------+
</PRE>
</TD>
</TR>
</TABLE>
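<BR>
Added example, not part of the original message or of Openswan: a small triage of the pluto debug lines quoted above, showing how the state (STATE_MAIN_I4) and the notification's protocol ID place the NO_PROPOSAL_CHOSEN in Phase 2, which is where the cipher, PFS and subnet mismatches named in the quoted reply apply. The function name triage and the verdict strings are hypothetical; esp=, pfs=, ike= and leftsubnet=/rightsubnet= are ipsec.conf keys.<BR>
<PRE>
```python
import re

# IPsec DOI protocol IDs used in ISAKMP Notification payloads (RFC 2407).
PROTOCOL_IDS = {1: "ISAKMP", 2: "AH", 3: "ESP", 4: "IPCOMP"}

# Lines copied from the pluto debug log quoted in the message above.
SAMPLE_LOG = """\
Jun 5 17:19:18 dmz pluto[7958]: | p15 state object #1 found, in STATE_MAIN_I4
Jun 5 17:19:18 dmz pluto[7958]: | ***parse ISAKMP Notification Payload:
Jun 5 17:19:18 dmz pluto[7958]: | DOI: ISAKMP_DOI_IPSEC
Jun 5 17:19:18 dmz pluto[7958]: | protocol ID: 3
Jun 5 17:19:18 dmz pluto[7958]: | Notify Message Type: NO_PROPOSAL_CHOSEN
Jun 5 17:19:18 dmz pluto[7958]: "lsk" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Jun 5 17:19:27 dmz pluto[7958]: | handling event EVENT_RETRANSMIT for 192.101.166.131 "lsk" #2
"""

def triage(log_text):
    """Heuristic: say which IKE phase a NO_PROPOSAL_CHOSEN notify refers to."""
    result = {"phase1_up": False, "notify": None, "protocol": None,
              "retransmits": 0, "verdict": "no rejection seen"}
    for line in log_text.splitlines():
        msg = line.split("]: ", 1)[-1]      # drop the syslog prefix
        if "found, in STATE_MAIN_I4" in msg:
            result["phase1_up"] = True      # initiator has completed Main Mode
        elif "EVENT_RETRANSMIT for" in msg:
            result["retransmits"] += 1      # unanswered packet sent again
        proto = re.search(r"protocol ID: (\d+)", msg)
        if proto:
            num = int(proto.group(1))
            result["protocol"] = PROTOCOL_IDS.get(num, "unknown(%d)" % num)
        notify = re.search(r"Notify Message Type: (\w+)", msg)
        if notify:
            result["notify"] = notify.group(1)
    if result["notify"] == "NO_PROPOSAL_CHOSEN":
        if result["phase1_up"] and result["protocol"] in ("AH", "ESP"):
            # Peer rejected the IPsec SA offer: compare esp=, pfs= and
            # leftsubnet=/rightsubnet= in ipsec.conf with the peer's settings.
            result["verdict"] = "phase 2 proposal rejected"
        else:
            # Peer rejected the ISAKMP SA offer: compare ike= with the peer.
            result["verdict"] = "phase 1 proposal rejected"
    return result

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```
</PRE>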
</BODY>
</HTML>