<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Looks like the Cisco end isn't set up properly to accept requests from the Amazon elastic IP, and your left subnet isn't correct either.</div><div><br>On 12 Apr 2016, at 04:15, jude mwenda &lt;<a href="mailto:judemwenda@gmail.com">judemwenda@gmail.com</a>&gt; wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Hey, newbie here,<div><br></div><div>I am trying to connect to a Cisco ASA router with little success. The tunnel seems to fail to come up. The error I get is as follows.</div><div><br></div><div>







<p class=""><span class="">031 "connection-safcom/0x7" #16: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal</span></p>
<p class=""><span class="">000 "connection-safcom/0x7" #16: starting keying attempt 2 of an unlimited number, but releasing whack</span></p>
<p class=""><span class="">031 "connection-safcom/0x6" #15: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal</span></p>
<p class=""><span class="">000 "connection-safcom/0x6" #15: starting keying attempt 2 of an unlimited number, but releasing whack</span></p>
<p class=""><span class="">031 "connection-safcom/0x5" #14: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal</span></p>
<p class=""><span class="">000 "connection-safcom/0x5" #14: starting keying attempt 2 of an unlimited number, but releasing whack</span></p>
<p class=""><span class="">031 "connection-safcom/0x4" #13: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal</span></p>
<p class=""><span class="">000 "connection-safcom/0x4" #13: starting keying attempt 2 of an unlimited number, but releasing whack</span></p>
<p class=""><span class="">031 "connection-safcom/0x3" #12: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal</span></p>
<p class=""><span class="">000 "connection-safcom/0x3" #12: starting keying attempt 2 of an unlimited number, but releasing whack</span></p>
<p class=""><span class="">031 "connection-safcom/0x2" #11: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal</span></p>
<p class=""><span class="">000 "connection-safcom/0x2" #11: starting keying attempt 2 of an unlimited number, but releasing whack</span></p>
<p class=""><span class="">031 "connection-safcom/0x1" #10: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal</span></p>
<p class=""><span class="">000 "connection-safcom/0x1" #10: starting keying attempt 2 of an unlimited number, but releasing whack</span></p><div><br></div><div>My ipsec.conf looks as follows. Is there anything that I am missing, or what could I be doing wrong? I do have the elastic IP from Amazon, but using the internal private IP also seems not to yield any fruit. Any pointers?</div><div><br></div><div>







<p class=""><span class="">conn connection-safcom</span></p>
<p class=""><span class="">  authby=secret</span></p>
<p class=""><span class="">  auto=start</span></p>
<p class=""><span class="">  ikelifetime=24h</span></p>
<p class=""><span class="">  forceencaps=yes</span></p>
<p class=""><span class="">  keylife=8h</span></p>
<p class=""><span class="">  rekey=yes</span></p>
<p class=""><span class="">  ike=3des-md5;modp1024</span></p>
<p class=""><span class="">  #phase2alg=aes128-sha1</span></p>
<p class=""><span class="">  #aggrmode=yes</span></p>
<p class=""><span class="">  phase2=esp</span></p>
<p class=""><span class="">  phase2alg=3des-md5;modp1024</span></p>
<p class=""><span class="">  ## phase 1 ##</span></p>
<p class=""><span class="">  keyexchange=ike</span></p>
<p class=""><span class="">  ## phase 2 ##</span></p>
<p class=""><span class="">  #esp=3des-md5</span></p>
<p class=""><span class="">  #ike=aes128-sha1-modp1024</span></p>
<p class=""><span class="">  pfs=no</span></p>
<p class=""><span class="">  type=tunnel</span></p>
<p class=""><span class="">  left=%defaultroute</span></p>
<p class=""><span class="">  leftid=&lt;Amazon elastic ip&gt;</span></p>
<p class=""><span class="">  leftsourceip=&lt;Amazon elastic ip&gt;</span></p>
<p class=""><span class="">  leftsubnet=0.0.0.0/0</span></p>
<p class=""><span class="">  ##leftsubnet=&lt;Amazon internal ip/subnet&gt;</span></p>
<p class=""><span class="">  leftnexthop=%defaultroute</span></p>
<p class=""><span class="">  ##leftprotoport=17/1701 ##</span></p>
<p class=""><span class="">  ## for direct routing ##</span></p>
<p class=""><span class="">  right= &lt;remote IP&gt;</span></p></div><div><br></div><div>Thanks in advance</div>-- <br><div class="gmail_signature"><div dir="ltr"><div>Regards,<br><br>Jude Mwenda<br></div></div></div>
</div></div>
</div></blockquote></body></html>