[Openswan Users] pix 506 6.3.4 and openswan 2.3.1 problem

Dmitry Melekhov dm at belkam.com
Thu Jul 14 12:01:05 CEST 2005


I did all as on

But I can't get STATE_QUICK_I2

This is what I see on pix:

ISAKMP (0): processing SA payload. message ID = 3328319873

ISAKMP : Checking IPSec proposal 0

ISAKMP: transform 0, ESP_3DES
ISAKMP:   attributes in transform:
ISAKMP:      encaps is 1
ISAKMP:      SA life type in seconds
ISAKMP:      SA life duration (basic) of 28800
ISAKMP:      authenticator is HMAC-MD5
ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): SA not acceptable!
ISAKMP (0): sending NOTIFY message 14 protocol 0
return status is IKMP_ERR_NO_RETRANS
crypto_isakmp_process_block:src:, dest: 
spt:500 dpt:500
ISAKMP: reserved not zero on payload 8!
ISAKMP: malformed payload

I have 3des-md5 on both sides and access list, imho, is right:
access-list HOHRYAK-VPN permit ip

Any ideas?

More information about the Users mailing list