[Openswan Users] pix 506 6.3.4 and openswan 2.3.1 problem
Dmitry Melekhov
dm at belkam.com
Thu Jul 14 12:01:05 CEST 2005
Hello!
I did all as on
http://wiki.openswan.org/index.php/CiscoPIX
But I can't get STATE_QUICK_I2
This is what I see on pix:
ISAKMP (0): processing SA payload. message ID = 3328319873
ISAKMP : Checking IPSec proposal 0
ISAKMP: transform 0, ESP_3DES
ISAKMP: attributes in transform:
ISAKMP: encaps is 1
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (basic) of 28800
ISAKMP: authenticator is HMAC-MD5
ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): SA not acceptable!
ISAKMP (0): sending NOTIFY message 14 protocol 0
return status is IKMP_ERR_NO_RETRANS
crypto_isakmp_process_block:src:81.176.183.29, dest:81.176.183.30
spt:500 dpt:500
ISAKMP: reserved not zero on payload 8!
ISAKMP: malformed payload
I have 3des-md5 on both sides and access list, imho, is right:
access-list HOHRYAK-VPN permit ip 192.168.29.0 255.255.255.0
192.168.27.0 255.255.255.0
Any ideas?
More information about the Users
mailing list