[Openswan Users] Re: aggressive mode to Cisco 3000
Ken Bantoft
ken at xelerance.com
Wed Dec 15 09:55:18 CET 2004
On Wed, 2004-12-15 at 09:36 +0000, David Edmondson wrote:
> * ken at xelerance.com [2004-12-14 19:48:15]
> > I suspect the phase 2 proposals don't match, since the Cisco is
> > proposing something odd (17/0) and we aren't doing that.
> >
> > Perhaps adding leftprotoport=17/0 and/or rightprotoport=17/0 might
> > make it happier.
>
> It seems that the proto has to be the same for both left and right,
> else whack complains. I tried 17/0, 0/0 and 17/500 (for both left and
> right), but none of them seemed to help :-)
>
> Turning on some more debugging reveals that after:
>
> "vpngw" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+MODECFGPULL+AGGRESSIVE {using isakmp#1}
>
> almost immediately (within 2 seconds) there is:
>
> "vpngw" #1: received Delete SA payload: deleting ISAKMP State #1
>
> Is that to be expected? It doesn't _sound_ good.
It means the other end told us to delete our SA for some reason.
Ken
More information about the Users
mailing list