[Openswan Users] incomplete ISAKMP SA
...
andrei
andrey at digicom.ro
Wed Mar 31 21:48:03 CEST 2004
Hi,
i try to make a VPN between openswan and cisco PIX
My openswan config is:
conn remote
type = tunnel
left=$MYIP
leftsubnet=$LOCALNET
leftnexthop=$MYGW
right=$PIXIP
rightsubnet=$REMOTENET
authby=secret
auth=esp
esp = 3des-sha-96
pfs=yes
auto=start
ikelifetime=64800s
the ipsec.secrets
$MYIP $PIXIP : PSK "secret"
* in log i get:
--------------
"remote" #6: protocol/port in Phase 1 ID Payload must be 0/0 or 17/500
but are 17/0
state transition function for STATE_MAIN_I3 failed:
INVALID_ID_INFORMATION
next event EVENT_RETRANSMIT in 10 seconds for #6
................................
remote" #3: encrypted Informational Exchange message is invalid
because it is for incomplete ISAKMP SA next event EVENT_RETRANSMIT in
10 seconds for #3
*time to handle event
event after this is EVENT_REINIT_SECRET in 3095 seconds
I use
openswan-2.1.1
Kernel-2.6.4
slack-9.0
What could be the problem ?
Thank you for any hint,
Andrei
More information about the Users
mailing list