[Openswan Users] connection to CISCO 1720, NO_PROPOSAL_CHOSEN
Ken Bantoft
ken at xelerance.com
Thu Mar 11 15:12:58 CET 2004
On Thu, 11 Mar 2004, Joachim Gruhn wrote:
> hi,
> I have problems establishing a VPN tunnel from a SuSE Linux 9 host with
> FreeS/Wan 1.99 installation to a CISCO 1720 VPN Gateway where the linux
> box is the initiator. The proposal payloads (4) initiating the QUICK
> MODE (I1) will not be accepted by the CISCO 1720. The first two
> transform payloads offer ESP_AES encryption which is not supported by
> the 1720. The last two transform payloads offer ESP_3DES which should
> be accepted by the 1720, but did not appear in the trace of the CISCO
> Gateway. The sequence ends up with a notification payload
> "NO_PROPOSAL_CHOSEN" at the freeswan side.
> If the CISCO VPN Gateway acts as the initiator, a connection can be
> established and everything seems fine.
> Is it a bug in freeswan? Is it possible to disable a specific encryption
> (ESP_AES) for a specific connection definition?
> Any idea is welcome.
You aren't using stock FreeS/WAN if it's proposing AES. Read the
HOWTO.ipsec_alg docs that come with the alg patch, you'll see you can do:
esp=3des-md5-96
Or similar to limit the proposals used.
--
Ken Bantoft VP Business Development
ken at xelerance.com Xelerance Corporation
sip://toronto.xelerance.com http://www.xelerance.com
The future is here. It's just not evenly distributed yet.
-- William Gibson
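
The esp= setting from the reply above, placed in a connection definition. This is an added illustration, not part of the original message or of the FreeS/WAN documentation. The connection name, addresses and subnets are constructed placeholders, and it assumes a FreeS/WAN 1.99 build with the alg patch and a pre-shared key configured in ipsec.secrets.

```conf
# /etc/ipsec.conf (fragment) - constructed example, all values are placeholders
conn cisco1720
	# Linux initiator side
	left=192.0.2.10
	leftsubnet=10.1.0.0/24
	# CISCO 1720 gateway side
	right=198.51.100.20
	rightsubnet=10.2.0.0/24
	authby=secret
	# Restrict the Quick Mode (phase 2) proposal to 3DES with HMAC-MD5-96,
	# so that no ESP_AES transforms are offered to the peer.
	esp=3des-md5-96
	auto=add
```

Because esp= is set per conn section, other connections on the same host keep their own proposal lists.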