[Openswan Users] Cisco VPN Concentrator not responding
Luca
enz_tn2002 at yahoo.com
Thu Sep 9 16:15:21 CEST 2004
On Wed, 8 Sep 2004, Paul wrote:
> On Wed, 8 Sep 2004, Luca wrote:
> > But the cisco vpn don't responding. Why?
> Perhaps you have using Aggressive mode on the cisco? If
> possible, use MainMode instead of Aggressive mode.
> If aggressive mode is really needed, explicitely enable
> it in ipsec.conf for that connection.
Which parameter I must add to ipsec.conf for try with Aggressive Mode. I
searched in documentation but nothing.
When the vpn start from cisco I see the first packet on port 500 and this
packet in header ISAKMP the flags Exchange Type is equal 1 Main Mode from
ethereal.
I tried also with vpn client cisco on linux this work, in trace I see
a first packet on port 29476/udp from client to cicsco, response from cisco
concentrator with packet tcp SYN/ACK (without SYN) and another packet from
client to cisco on port 29476/udp.
200.x.x.x.1036 > 201.x.x.x.29746: udp 12 (DF)
201.x.x.x.10000 > 200.x.x.x.2345: S 18842116:18842116(0) ack 16796840 win
65535
200.x.x.x.1036 > 201.x.x.x.29746: udp 8 (DF)
With the client cisco I see which start in Aggressive Mode.
The person which manage the cisco tell me which use only MainMode.
Thanks for help
Luca
More information about the Users
mailing list