[Openswan Users] Problem connecting Openswan to Cisco Pix 515

Paul Wouters paul at xelerance.com
Mon Jul 11 20:59:11 CEST 2005


On Mon, 11 Jul 2005, Chris Godfrey wrote:

> "protocol/port in Phase 1 ID Payload must be 0/0 or 17/500 but are 17/0"
>
> Have done lots of googling and it seems that this is due to Cisco not
> adhering to the RFCs on what payloads can be accepted. I have also read
> that the developers of Openswan are not willing to make allowances for
> this since it would be deviating from the RFCs. Fair enough, but there
> must be a way around this somehow.

You must be running an old version of Openswan.

> I've also tried playing around with the 'rightprotoport=17/%any' values
> in ipsec.conf but got nothing good so far, either my syntax is picked up
> as wrong, it tells me I can't use wildcards to start a connection, or I
> get the same error message reported above.

That means your version of Openswan is too old.

> We're using Openswan 2.1.5 on the 2.4.28 kernel.

Please upgrade to openswan-2.3.x and use rightprotoport=17/%any

Paul
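
The check behind the quoted error message, as an added example that is not part of the original post and is not Openswan's code. It assumes the Identification payload layout of RFC 2408 (generic header) and RFC 2407 (ID Type, Protocol ID, Port); the function and enum names are hypothetical and the sample payloads are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (hypothetical names, for this example only). */
enum id_check { ID_OK = 0, ID_TRUNCATED = -1, ID_BAD_PROTOPORT = -2 };

/*
 * Phase 1 Identification payload layout assumed here:
 *   byte 0 Next Payload | byte 1 RESERVED | bytes 2-3 Payload Length
 *   byte 4 ID Type      | byte 5 Protocol ID | bytes 6-7 Port
 *   bytes 8..           Identification Data
 * Multi-byte fields are in network byte order.
 */
enum id_check check_phase1_id(const uint8_t *p, size_t len,
                              uint8_t *proto, uint16_t *port)
{
    if (len < 8)
        return ID_TRUNCATED;              /* fixed fields not all present */
    size_t plen = ((size_t)p[2] << 8) | p[3];
    if (plen < 8 || plen > len)
        return ID_TRUNCATED;              /* declared length is inconsistent */
    *proto = p[5];
    *port = (uint16_t)((p[6] << 8) | p[7]);
    /* Only 0/0 or 17/500 (UDP, IKE port) pass, as the error message states. */
    if ((*proto == 0 && *port == 0) || (*proto == 17 && *port == 500))
        return ID_OK;
    return ID_BAD_PROTOPORT;
}

/* Constructed samples: ID type 1 (IPv4 address), data 192.0.2.1. */
static const uint8_t id_17_0[]   = {0, 0, 0, 12, 1, 17, 0x00, 0x00, 192, 0, 2, 1};
static const uint8_t id_17_500[] = {0, 0, 0, 12, 1, 17, 0x01, 0xF4, 192, 0, 2, 1};
static const uint8_t id_0_0[]    = {0, 0, 0, 12, 1, 0,  0x00, 0x00, 192, 0, 2, 1};

int main(void)
{
    const uint8_t *samples[] = { id_17_0, id_17_500, id_0_0 };
    for (int i = 0; i < 3; i++) {
        uint8_t proto = 0;
        uint16_t port = 0;
        if (check_phase1_id(samples[i], 12, &proto, &port) == ID_BAD_PROTOPORT)
            printf("protocol/port in Phase 1 ID Payload must be 0/0 or 17/500 "
                   "but are %u/%u\n", (unsigned)proto, (unsigned)port);
        else
            printf("accepted %u/%u\n", (unsigned)proto, (unsigned)port);
    }
    return 0;
}
```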

