[Openswan Users] IOS Cisco - bug

David Prestwich dprestwich at pacsim.com
Wed Feb 11 08:41:50 CET 2004

Hello all,

I am using an outdated freeswan 1.95 that works great but doesn't have 
all the functionality that the newer versions have.  (I plan on 
upgrading just need the time and resources).  I've ran into a little 
snag with a cisco IOS version 12.2 this past week and I know that it is 
a fault in the way it runs their proposal.  In essence, freeswan sends 
out all the proposals as it should yet IOS fails on the first proposal 
of 3DES because the domain admin on the other side has set the 
configuration to DES.  I asked if he would switch this to 3DES but he 
states he can't until he does an upgrade on their side to allow 3DES.  
During the connection the SA is established but no proposal is chosen 
because their side does not want to get set to 3DES.  I can use DES on 
my 1.95 version and am using it currently with several sites.  My 
question is:  (and I'm pretty sure I know the answer) can I set 1.95 to 
tell it which level of encryption to use?  I know in the newer version 
you can define say DES or 3DES but can you do this with the older ones?  
I don't think that you can.  Any feedback would be great.  Thanks.


More information about the Users mailing list