<span style="background-color: rgb(255, 255, 0);">Correction</span><br><br><div class="gmail_quote">On Thu, Feb 28, 2008 at 11:24 AM, Khan, Hammad Aslam &lt;<a href="mailto:raohammad@gmail.com">raohammad@gmail.com</a>&gt; wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><pre><font face="Courier New" size="2"><span style="font-size: 10pt;"><font face="arial,sans-serif">Hi All,<br>
I am supposed to connect to a VPN Concentrator 3000 series CISCO on remote end and Linux Fedora Core 6 on my End with <span style="background-color: rgb(255, 255, 0);">OpenSWAN</span> installed;<br>
<br><b>While trying to connect to remote end; I am stuck on </b><br></font></span></font><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><font color="#ff6666"><span style="color: rgb(255, 102, 102);">117 "</span></font></span></font><font face="Courier New" size="2"><span style="font-size: 10pt;">connectionName</span></font><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><font color="#ff6666"><span style="color: rgb(255, 102, 102);">" #2:STATE_QUICK_I1: initiate<br>
010 "</span></font></span></font><font face="Courier New" size="2"><span style="font-size: 10pt;">connectionName</span></font><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><font color="#ff6666"><span style="color: rgb(255, 102, 102);">" #2: STATE_QUICK_I1: retransmission; will wait 20s for response<br>
010 "</span></font></span></font><font face="Courier New" size="2"><span style="font-size: 10pt;">connectionName</span></font><font face="Times New Roman" size="3"><span style="font-size: 12pt;"><font color="#ff6666"><span style="color: rgb(255, 102, 102);">" #2: STATE_QUICK_I1: retransmission; will wait 40s for response</span></font></span></font><br>
<font face="Courier New" size="2"><span style="font-size: 10pt;"><br><b style="font-family: arial,sans-serif;">Remote End Company says (VPN Concentrator CISCO 3000 series)</b><br>Please check your side policy. There is a mismatch.</span></font></pre>
<pre><font face="Courier New" size="2"><span style="font-size: 10pt;">14719 02/26/2008 13:07:45.600 SEV=4 IKE/61 RPT=40382 </span></font><a href="http://58.27.207.70/" target="_blank"><font face="Courier New" size="2"><span style="background: yellow none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; font-size: 10pt;"></span></font></a><font face="Courier New" size="2"><a href="http://58.27.207.70/" target="_blank">my.host.ip.add</a></font><font face="Courier New" size="2"><span style="font-size: 10pt;"> </span></font></pre>
<pre><font face="Courier New" size="2"><span style="background: yellow none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; font-size: 10pt;">Group [<a href="http://58.27.207.70/" target="_blank">my.host.ip.add</a>]</span></font></pre>
<pre><font face="Courier New" size="2"><span style="background: yellow none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; font-size: 10pt;">Tunnel rejected: Policy not found for Src:<a href="http://10.5.125.105/" target="_blank">my.private.server.add</a>, Dst: <a href="http://172.18.104.244/" target="_blank">remote.private.ip.add</a>!</span></font></pre>
<pre><font face="Courier New" size="2"><span style="font-size: 10pt;"><br><b><span style="font-family: arial,sans-serif;">My Connection Config</span></b><br>conn connectionName<br> type=tunnel<br> authby=secret # secret key<br>
auth=esp<br> pfs=no<br> esp=3des-md5-96<br> left=</span></font><font face="Courier New" size="2"><span style="background: yellow none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; font-size: 10pt;"><a href="http://58.27.207.70/" target="_blank">my.host.ip.add</a></span></font><font face="Courier New" size="2"><span style="font-size: 10pt;"> # <br>
leftsubnet=</span></font><font face="Courier New" size="2"><span style="background: yellow none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; font-size: 10pt;"><a href="http://10.5.125.105/" target="_blank">my.private.server.add</a></span></font><font face="Courier New" size="2"><span style="font-size: 10pt;"> <br>
#leftnexthop=<a href="http://192.168.100.11" target="_blank">192.168.100.11</a> #second eth of my OpenVPS machine connected to my private network<br> right=<a href="http://202.69.9.240" target="_blank">202.69.9.240</a> # my peer's external, internet-routable ip address=<br>
rightsubnet=</span></font><font face="Courier New" size="2"><span style="background: yellow none repeat scroll 0% 50%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; font-size: 10pt;"> <a href="http://172.18.104.244/" target="_blank">remote.private.ip.add</a></span></font><font face="Courier New" size="2"><span style="font-size: 10pt;">/32<br>
<br><br>config setup<br> interfaces="ipsec0=eth0"<br> plutodebug="all"<br><br><b style="font-family: arial,sans-serif;">Connection that we were supposed to make (Remote End Credentials that we need to match)</b></span></font><br>
</pre><table style="border-collapse: collapse; width: 408pt;" border="0" cellpadding="0" cellspacing="0" width="544"><col style="width: 211pt;" width="281">
<col style="width: 197pt;" width="263">
<tbody><tr height="18">
<td style="width: 211pt; font-family: arial,sans-serif;" height="18" width="281"><font size="2">Hardware</font></td>
<td style="width: 197pt; font-family: arial,sans-serif;" width="263"><font size="2">Cisco VPN Concentrator 3000</font></td>
</tr>
<tr height="18">
<td style="font-family: arial,sans-serif;" height="18"><font size="2">DH Group</font></td>
<td style="font-family: arial,sans-serif;"><font size="2">Diffie-Hellman Group 2</font></td>
</tr>
<tr height="18">
<td style="font-family: arial,sans-serif;" height="18"><font size="2">Production Peer</font></td>
<td style="font-family: arial,sans-serif;"><font size="2"><a href="http://6.6.6.6" target="_blank">6.6.6.6</a></font></td>
</tr>
<tr height="18">
<td style="font-family: arial,sans-serif;" height="18"><font size="2">Encryption Domain</font></td>
<td style="font-family: arial,sans-serif;"><font size="2"><a href="http://172.18.104.244" target="_blank">172.18.104.244</a></font></td>
</tr>
<tr height="18">
<td style="font-family: arial,sans-serif;" height="18"><font size="2">Encryption</font></td>
<td style="font-family: arial,sans-serif;"><font size="2">3DES</font></td>
</tr>
<tr height="18">
<td style="font-family: arial,sans-serif;" height="18"><font size="2">Authentication</font></td>
<td style="font-family: arial,sans-serif;"><font size="2">MD5</font></td>
</tr>
<tr height="18">
<td style="font-family: arial,sans-serif;" height="18"><font size="2">Life Time</font></td>
<td style="font-family: arial,sans-serif;"><font size="2">86400 sec</font></td>
</tr>
<tr height="18">
<td style="font-family: arial,sans-serif;" height="18"><font size="2">PreShared Key</font></td>
<td style="font-family: arial,sans-serif;"><font size="2">"sharedKey"</font><br></td>
</tr>
<tr height="18">
<td style="font-family: arial,sans-serif;" height="18"><font size="1">Protocol</font></td>
<td style="font-family: arial,sans-serif;"><font size="1">ESP</font></td>
</tr>
</tbody></table><pre><br><font face="Courier New" size="2"><span style="font-size: 10pt;"><b style="font-family: arial,sans-serif;"><br></b><span style="font-family: arial,sans-serif;">How am I supposed to change the policy to match the above-mentioned connection credentials?</span><b style="font-family: arial,sans-serif;"><br>
<br>Regards,<br></b></span></font></pre>
</blockquote></div><br>
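An added example, not part of the original post and not Openswan or Cisco tooling: a small Python check that parses a conn section like the one posted and lists the options that do not visibly agree with the peer's parameter sheet. The mapping of sheet rows to ipsec.conf options, the stand-in left and leftsubnet addresses, the /32 on the encryption domain, and the names parse_conn, to_seconds and check are assumptions made for illustration.

```python
# Peer's sheet, values as given in the table in the post (domain written as /32: assumption).
PEER_SHEET = {"peer": "6.6.6.6", "domain": "172.18.104.244/32", "enc": "3des",
              "auth": "md5", "dh": "modp1024",  # DH group 2 is the 1024-bit MODP group
              "lifetime_s": 86400}

# Constructed sample: the posted conn, with documentation/private addresses
# standing in for the masked left and leftsubnet values.
SAMPLE_CONN = """\
conn connectionName
    type=tunnel
    authby=secret   # secret key
    auth=esp
    pfs=no
    esp=3des-md5-96
    left=192.0.2.10
    leftsubnet=10.0.0.5
    right=202.69.9.240
    rightsubnet=172.18.104.244/32
"""

def parse_conn(text):
    """Return the key=value options of one conn section, comments stripped."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def to_seconds(value):
    """Convert an ipsec.conf duration such as 86400s, 24h or 1d to seconds."""
    units = {"s": 1, "m": 60, "h": 3600, "d": 86400}
    if value and value[-1] in units and value[:-1].isdigit():
        return int(value[:-1]) * units[value[-1]]
    return int(value) if value and value.isdigit() else None

def check(opts, sheet):
    """List options that do not visibly agree with the peer's sheet."""
    stated = [to_seconds(opts.get(k)) for k in ("ikelifetime", "keylife", "salifetime")]
    findings = [
        (opts.get("right") != sheet["peer"], "right: differs from sheet peer"),
        ("/" not in opts.get("leftsubnet", ""), "leftsubnet: no prefix length stated"),
        (opts.get("rightsubnet") != sheet["domain"], "rightsubnet: differs from encryption domain"),
        (opts.get("esp", "").lower().split("-")[:2] != [sheet["enc"], sheet["auth"]], "esp: differs from sheet"),
        (sheet["dh"] not in opts.get("ike", "").lower(), "ike: DH group not stated"),
        (sheet["lifetime_s"] not in stated, "lifetime: sheet value not stated"),
    ]
    return [message for bad, message in findings if bad]
```

Each finding is an item to confirm with the remote end, not a diagnosis. The concentrator's "Policy not found" line names the Src and Dst it was offered, so the two subnet options are the first to compare against the peer's configured policy.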