[Openswan Users] IKE / ESP

David Prestwich dprestwich at pacsim.com
Thu Nov 18 18:05:14 CET 2004


What do I set the ike and esp values to for Openswan when the other end 
is a cisco concentrator?  I'm failing on the second proposal and believe 
it has to do with my settings.

###Cisco specs ###
1. Peer IP address - X.X.X.X
2. Preshared Key - as discussed
3. IKE proposal -- proposed
Authentication Mode - preshare
Authentication Algorithm- SHA/HMAC
Encryption Algorithm - 3DES-168
Diffie-Hellman Group- group 2
Data Lifetime - 10000 kilobytes (KB).
Time Lifetime - 86400 Sec
4. IPSec SA -- proposed
Authentication Algorithm - ESP/SHA/HMAC-160
Encryption Algorithm - 3DES 168
Encapsulation Mode - tunnel
Lifetime Measurement - both (data/time)
data lifetime - 10000 kilobytes (KB)
time lifetime - 28800 seconds

I've only done the 3DES-md5 one - not sure about the settings for sha


More information about the Users mailing list