<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<small>Can anyone help me get out of this trouble?<br>
<br>
I am trying to establish an IPsec VPN between Cisco IOS and Linux Openswan.<br>
<br>
Here is the topology:</small><br>
<br>
<small>______________</small><br>
|<small>Cisco IOS |------------(gateway:public address
)--------------------(Centos openswan)</small><br>
<small> | | public address:<font
color="#ff0000">dynamic</font>
public address :8.8.8.8<br>
192.168.1.253
private address:
192.168.0.1/24 on its virtual adapter<br>
<br>
<br>
And here are my configuration files for Cisco IOS and Openswan:<br>
<br>
<br>
Cisco:<br>
--------------------------------------------Cisco----------------<br>
crypto isakmp policy 10<br>
encr 3des<br>
hash md5<br>
authentication pre-share<br>
group 2<br>
crypto isakmp key <font color="#ff0000">cisco</font> address
8.8.8.8<br>
!<br>
crypto ipsec transform-set vps esp-3des esp-md5-hmac <br>
!<br>
<br>
<br>
!<br>
crypto map vps 10 ipsec-isakmp <br>
set peer 8.8.8.8<br>
set security-association lifetime seconds 86400<br>
set transform-set vps <br>
set pfs group2<br>
match address vps<br>
<br>
ip access-list extended vps<br>
permit gre host 192.168.1.253 host 8.8.8.8 <font
color="#ff0000"> # these are the source and destination addresses of the
GRE tunnel on Cisco IOS</font><br>
---------------------------------------------------------------------<br>
<br>
<br>
<br>
<br>
Openswan<br>
-----------------------------------Openswan----------------------------<br>
version 2.0<br>
<br>
config setup<br>
#interfaces=%defaultroute<br>
protostack=netkey<br>
nat_traversal=yes<br>
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10<br>
oe=off<br>
dumpdir=/var/run/pluto/<br>
plutostderrlog=/var/log/pluto.log<br>
nhelpers=0<br>
disable_port_floating=no<br>
<br>
conn %default<br>
rekey=no<br>
<br>
conn GRE<br>
authby=secret<br>
pfs=no<br>
auto=add<br>
type=<font color="#ff0000">tunnel</font><br>
keyexchange=ike<br>
ike=3des-md5<br>
phase2alg=3des-md5<br>
<br>
left=8.8.8.8<br>
leftprotoport=<font color="#ff0000">47</font>/%any<br>
leftupdown="ipsec _updown --route yes"<br>
leftsubnet=192.168.0.1/32 <font
color="#ff0000">## actually, this is an address on the virtual
network adapter of CentOS<br>
</font><br>
right=%any<br>
rightprotoport=<font color="#ff0000">47</font>/%any<br>
rightsubnet=192.168.1.253/32 <font color="#ff0000">
# 192.168.1.253 is the interface IP address of
Cisco IOS; it is behind the WAN.<br>
<br>
-------------------------------------------------------------------<br>
<font color="#000000">[root@vultr ~]# cat /etc/ipsec.secrets<br>
#<br>
include /etc/ipsec.d/*.secrets<br>
8.8.8.8 %any : PSK "cisco" <br>
<br>
And the error output:<br>
packet from 113.111.97.145:5609: received Vendor ID payload
[RFC 3947] method set to=109 <br>
packet from 113.111.97.145:5609: ignoring unknown Vendor ID
payload [439b59f8ba676c4c7737ae22eab8f582]<br>
packet from 113.111.97.145:5609: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using
method 109<br>
packet from 113.111.97.145:5609: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using
method 109<br>
"GRE"[1] 113.111.97.145 #83: responding to Main Mode from
unknown peer 113.111.97.145<br>
"GRE"[1] 113.111.97.145 #83: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1<br>
<font color="#ff0000">"GRE"[1] 113.111.97.145 #83:
STATE_MAIN_R1: sent MR1, expecting MI2<br>
</font><br>
</font></font>It just stays at the 5/6 ISAKMP message.<br>
<br>
<br>
I am so confused about why it is stuck in the ISAKMP negotiation.<br>
<br>
I established it successfully before, but I don't know what line I
removed.<br>
<br>
Please help.<br>
Thanks.<br>
<br>
<br>
</small>
</body>
</html>