<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style>
<!--
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
span.EmailStyle17
{font-family:"Calibri","sans-serif";
color:windowtext}
.MsoChpDefault
{}
@page WordSection1
{margin:1.0in 1.0in 1.0in 1.0in}
div.WordSection1
{}
-->
</style>
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">I have Openswan version 2.6.28 connecting to a Cisco ASA 5510 running version 8.4. The Openswan side has 1 subnet and the ASA side has four subnets, so 4 tunnels are expected, but only one tunnel comes up. The Cisco gives "error processing
payload; payload ID 1". The Openswan gives "received and ignored informational payload No_Proposal_Chosen msgid=00000000".</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The openswan side of the connection is </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">conn CHRSUB</p>
<p class="MsoNormal"> authby=secret</p>
<p class="MsoNormal"> auto=start</p>
<p class="MsoNormal"> phase2=esp</p>
<p class="MsoNormal"> phase2alg=aes192-sha1;modp1024</p>
<p class="MsoNormal"> ike=aes192-sha1;modp1024</p>
<p class="MsoNormal"> left=166.251.X.X</p>
<p class="MsoNormal"> leftsubnet=172.31.6.0/24</p>
<p class="MsoNormal"> leftupdown="ipsec _updown --route yes"</p>
<p class="MsoNormal"> pfs=no</p>
<p class="MsoNormal"> right=216.77.X.X</p>
<p class="MsoNormal"> rightsubnets={10.1.0.0/16 10.20.30.0/24 10.4.1.0/24 172.22.0.0/24}</p>
<p class="MsoNormal"> rightupdown="ipsec _updown --route yes"</p>
<p class="MsoNormal"> type=tunnel</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">The ASA config is below</p>
<p class="MsoNormal">--CORPORATE VPN SUBNETS</p>
<p class="MsoNormal">object-group network NET-CORP-VPN</p>
<p class="MsoNormal">network-object 10.1.0.0 255.255.0.0</p>
<p class="MsoNormal">network-object 10.4.1.0 255.255.255.0</p>
<p class="MsoNormal">network-object 10.20.30.0 255.255.255.0</p>
<p class="MsoNormal">network-object 172.22.0.0 255.255.255.0</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">--SUBSTATION VPN SUBNET</p>
<p class="MsoNormal">object-group network NET-CHR-VPN</p>
<p class="MsoNormal">network-object 172.31.6.0 255.255.255.0</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">--NETWORKS ALLOWED ACROSS VPN</p>
<p class="MsoNormal">access-list acl-chr-vpn extended permit ip object-group NET-CORP-VPN object-group NET-CHR-VPN
</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">--NAT EXEMPTION STATEMENT FOR VPN</p>
<p class="MsoNormal">nat (inside,any) source static NET-CORP-VPN NET-CORP-VPN destination static NET-CHR-VPN NET-CHR-VPN no-proxy-arp route-lookup</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">--CRYPTO MAP</p>
<p class="MsoNormal">crypto map outside_map 50 match address acl-chr-vpn</p>
<p class="MsoNormal">crypto map outside_map 50 set peer 166.251.73.50</p>
<p class="MsoNormal">crypto map outside_map 50 set ikev1 transform-set ESP-AES-192-SHA</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">--TUNNEL GROUP AND PRE-SHARED KEY</p>
<p class="MsoNormal">tunnel-group 166.251.X.X type ipsec-l2l</p>
<p class="MsoNormal">tunnel-group 166.251.X.X general-attributes</p>
<p class="MsoNormal">default-group-policy L2L</p>
<p class="MsoNormal">tunnel-group 166.251.X.X ipsec-attributes</p>
<p class="MsoNormal">ikev1 pre-shared-key MTEMCSUB</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">Daren Hickman</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">Manager, Field Application Consultants</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">Siemens Industry, Inc.</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">Industry Automation</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">Sensors and Communication</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">1911 Harrison Street</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">Hollywood, FL 33020</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">Toll Free: (877) 245-1750 X101</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">T: (954) 922-7938 X101</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">F: (954) 922-7984</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">M: (954) 805-4948</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">E:
<a href="mailto:jeffrey.lewin@siemens.com"><span style="color:blue">daren.hickman@siemens.com</span></a></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:'Arial','sans-serif'">W: usa.siemens.com</span></p>
<p class="MsoNormal"> </p>
</div>
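<p class="MsoNormal">Added example, not part of the original message: each of the four expected tunnels needs a local/remote subnet pair that both peers agree on, so this Python check expands the posted <code>rightsubnets</code> list and the posted ASA object groups and crypto ACL into pairs and reports any that exist on one side only. The function names are hypothetical, and the parser assumes only the two ASA line forms that appear in the post (<code>network-object</code> with address and mask, and an ACL entry with two object groups).</p>
<pre>
```python
import ipaddress

# Values copied from the post: Openswan selectors and the ASA groups / crypto ACL.
OPENSWAN = {
    "leftsubnet": "172.31.6.0/24",
    "rightsubnets": "{10.1.0.0/16 10.20.30.0/24 10.4.1.0/24 172.22.0.0/24}",
}
ASA = """
object-group network NET-CORP-VPN
network-object 10.1.0.0 255.255.0.0
network-object 10.4.1.0 255.255.255.0
network-object 10.20.30.0 255.255.255.0
network-object 172.22.0.0 255.255.255.0
object-group network NET-CHR-VPN
network-object 172.31.6.0 255.255.255.0
access-list acl-chr-vpn extended permit ip object-group NET-CORP-VPN object-group NET-CHR-VPN
"""

def openswan_pairs(conn):
    """One (Openswan-local, Openswan-remote) pair per tunnel the conn expands to."""
    local = ipaddress.ip_network(conn["leftsubnet"])
    remotes = conn["rightsubnets"].strip("{}").replace(",", " ").split()
    return {(local, ipaddress.ip_network(r)) for r in remotes}

def asa_pairs(config, acl):
    """Same orientation as openswan_pairs: (ASA-remote, ASA-local) per ACL expansion."""
    groups, current, pairs = {}, None, set()
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["object-group", "network"]:
            current = groups.setdefault(w[2], [])
        elif w[:1] == ["network-object"] and current is not None:
            # "address mask" form; ipaddress accepts a dotted netmask after the slash.
            current.append(ipaddress.ip_network(w[1] + "/" + w[2]))
        elif w[:2] == ["access-list", acl] and w[2:5] == ["extended", "permit", "ip"]:
            # Only the form used in the post: object-group SRC object-group DST.
            src, dst = groups[w[6]], groups[w[8]]
            pairs |= {(d, s) for s in src for d in dst}
    return pairs

def compare(conn, config, acl="acl-chr-vpn"):
    """Return (pairs only Openswan would propose, pairs only the ASA ACL covers)."""
    o, a = openswan_pairs(conn), asa_pairs(config, acl)
    return sorted(o - a), sorted(a - o)

if __name__ == "__main__":
    only_openswan, only_asa = compare(OPENSWAN, ASA)
    print("tunnels expected:", len(openswan_pairs(OPENSWAN)))
    print("only on Openswan side:", only_openswan)
    print("only on ASA side:", only_asa)
```
</pre>
<p class="MsoNormal">For the two configurations as posted, both lists come back empty; a dropped subnet or a different mask on either side shows up as an entry in one of them.</p>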
</body>
</html>