<div dir="ltr">Thanks Mike. I've double-checked both the secret and the addresses in ipsec.secrets. Also tried changing pfs to no. Still the same error. I don't have any ability to do any debugging or change any settings on the Cisco device. I have asked them to see if there is anything helpful getting logged, but so far no response.<br>
</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Mar 19, 2014 at 10:18 AM, Mike Johnston <span dir="ltr"><<a href="mailto:mjohnston@wiktel.com" target="_blank">mjohnston@wiktel.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>I'm not too well versed on this stuff,
but I have a few thoughts for you:<br>
<ul>
<li>Make sure your secrets match.</li>
<li>Make sure the IP addresses in your secrets file are
accurate.</li>
<li>Try doing some debugging on the ASA.</li>
<ul>
<li>debug crypto isakmp 200 or even debug crypto isakmp 255</li>
<li>debug crypto ipsec</li>
</ul>
<li>I never could get pfs to work between Openswan and a Cisco
firewall. Try temporarily turning off pfs on both ends and
see if you get any better luck.</li>
</ul>
</div>
</div>
<br>_______________________________________________<br>
<a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a><br>
<a href="https://lists.openswan.org/mailman/listinfo/users" target="_blank">https://lists.openswan.org/mailman/listinfo/users</a><br>
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
Building and Integrating Virtual Private Networks with Openswan:<br>
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
<br></blockquote></div><br></div>