[Openswan Users] IKE / ESP
David Prestwich
dprestwich at pacsim.com
Sat Nov 20 09:09:19 CET 2004
David Prestwich wrote:
> What do I set the ike and esp values to for Openswan when the other
> end is a cisco concentrator? I'm failing on the second proposal and
> believe it has to do with my settings.
>
> ###Cisco specs ###
> 1. Peer IP address - X.X.X.X
> 2. Preshared Key - as discussed
> 3. IKE proposal -- proposed
> Authentication Mode - preshare
> Authentication Algorithm- SHA/HMAC
> Encryption Algorithm - 3DES-168
> Diffie-Hellman Group- group 2
> Data Lifetime - 10000 kilobytes (KB).
> Time Lifetime - 86400 Sec
> 4. IPSec SA -- proposed
> Authentication Algorithm - ESP/SHA/HMAC-160
> Encryption Algorithm - 3DES 168
> Encapsulation Mode - tunnel
> Lifetime Measurement - both (data/time)
> data lifetime - 10000 kilobytes (KB)
> time lifetime - 28800 seconds
>
> I've only done the 3DES-md5 one - not sure about the settings for sha
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> I
I can get past the Phase I on the default settings but I'm failing on
the second phase. I just did an ethereal dump on the exchange and I
think that the cisco is trying to use SHA2 for some reason. I have the
built in module - but am unable to get the right configuration for esp.
More information about the Users
mailing list