[Openswan Users] IKE / ESP

David Prestwich dprestwich at pacsim.com
Sat Nov 20 09:09:19 CET 2004


David Prestwich wrote:

> What do I set the ike and esp values to for Openswan when the other 
> end is a cisco concentrator?  I'm failing on the second proposal and 
> believe it has to do with my settings.
>
> ###Cisco specs ###
> 1. Peer IP address - X.X.X.X
> 2. Preshared Key - as discussed
> 3. IKE proposal -- proposed
> Authentication Mode - preshare
> Authentication Algorithm- SHA/HMAC
> Encryption Algorithm - 3DES-168
> Diffie-Hellman Group- group 2
> Data Lifetime - 10000 kilobytes (KB).
> Time Lifetime - 86400 Sec
> 4. IPSec SA -- proposed
> Authentication Algorithm - ESP/SHA/HMAC-160
> Encryption Algorithm - 3DES 168
> Encapsulation Mode - tunnel
> Lifetime Measurement - both (data/time)
> data lifetime - 10000 kilobytes (KB)
> time lifetime - 28800 seconds
>
> I've only done the 3DES-md5 one - not sure about the settings for sha


I can get past the Phase I on the default settings but I'm failing on 
the second phase.  I just did an Ethereal dump on the exchange and I 
think that the Cisco is trying to use SHA2 for some reason.  I have the 
built-in module - but am unable to get the right configuration for esp.
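
The Cisco specs quoted above, written as an Openswan conn section. This is an added example, not part of the original post and not a configuration from the poster or the Openswan project. The connection name, the `left` value and both subnets are assumptions (the subnets are constructed sample values), and it assumes the installed pluto accepts these lifetimes.

```conf
# Added example. Fragment of /etc/ipsec.conf; the preshared key itself
# belongs in /etc/ipsec.secrets, not here.
conn cisco-concentrator
    # Tunnel mode with preshared-key authentication (Cisco items 2, 3, 4).
    type=tunnel
    authby=secret
    # Phase 1 (IKE proposal): 3DES, SHA-1 HMAC, Diffie-Hellman group 2,
    # which is the 1024-bit MODP group.
    ike=3des-sha1-modp1024
    # Phase 2 (IPsec SA): ESP with 3DES and HMAC-SHA-1 (160-bit).
    esp=3des-sha1
    # Time lifetimes from the spec: 86400 s for IKE, 28800 s for the IPsec SA.
    # The 10000 KB data lifetimes have no counterpart in this fragment.
    ikelifetime=24h
    keylife=8h
    # The spec does not say whether PFS is used; this must match the peer.
    # pfs=no
    # Local end. %defaultroute and the subnet are assumptions.
    left=%defaultroute
    leftsubnet=192.0.2.0/24
    # Remote end: peer address as given in the spec (item 1); the subnet
    # is a constructed sample value.
    right=X.X.X.X
    rightsubnet=198.51.100.0/24
    auto=add
```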
