[Openswan Users]
Roadwarrior access to Symantec Enterprise Firewall 8.0
Marc von Jaduczynski
marc at visionalive.de
Sun Jul 11 19:15:38 CEST 2004
Hi,
does anyone know of a working configuration in this constellation
(Openswan client --> Symantec EF 8.0 Server)?
I want to give users roadwarrior access to an internal network. The
gateway is a Symantec firewall running on Solaris. The firewall uses
XAUTH to be able to authenticate users with RSA SecurID tokens.
I have no trouble connecting using gateway-to-gateway mode but in
client-to-gateway the negotiation stops at phase 1 with the message
"NO_PROPOSAL_CHOSEN". The firewall is configured to use 3DES, SHA1/MD5
and DH Group 2, which should be exactly the desired profile for Openswan.
I'm thinking it might not work because of Openswan's missing support for
aggressive mode. Can anyone shed any light on this?

Openswan configuration is as follows:

ipsec.conf
------------
left=1.1.1.1
right=2.2.2.2
leftid=@user
leftxauthclient=yes
rightxauthserver=yes
rightsubnet=192.168.0.0/24
authby=secret

ipsec.secrets
-------------
2.2.2.2 @user "SHAREDSECRET"

If I turn off xauth I get "PAYLOAD_MALFORMED", but I guess this is
expected behaviour and should not have anything to do with the problem.
Thanks
Marc von Jaduczynski