[Openswan Users] PIX515 with AES to Openwan 2.3.0

Trevor Benson TrevorBenson at a-1networks.com
Thu May 19 15:32:20 CEST 2005 

Having issues with a PIX 515 using AES256 to connect to openswan 2.3.0.


 

Here is the ipsec.conf conn entry minus the IP address:

 

conn colo.dbg

        left=64.142.a.b

        leftnexthop=%defaultroute

        leftsubnet=192.168.167.0/255.255.255.0

        right=64.142.x.y

        rightsubnet=192.168.101.0/24

        rightnexthop=%defaultroute

        type=tunnel

        pfs=yes

        keyexchange=ike

        authby=secret

        auto=start

        esp=aes256-sha1

        auth=esp

 

Here is the output from the log file after I try ipsec auto --up
colo.dbg

 

May 19 14:23:43 office1 pluto[1145]: "colo.dbg": deleting connection

May 19 14:23:46 office1 pluto[1145]: added connection description
"colo.dbg"

May 19 14:23:50 office1 pluto[1145]: "colo.dbg" #2256: initiating Main
Mode

May 19 14:23:50 office1 pluto[1145]: | no IKE algorithms for this
connection

May 19 14:23:50 office1 pluto[1145]: packet from 64.142.x.y:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

May 19 14:23:50 office1 pluto[1145]: packet from 64.142.x.y:500:
received and ignored informational message

May 19 14:25:00 office1 pluto[1145]: packet from 64.142.x.y:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

May 19 14:25:00 office1 pluto[1145]: packet from 64.142.x.y:500:
received and ignored informational message

May 19 14:26:20 office1 pluto[1145]: packet from 64.142.x.y:500:
ignoring informational payload, type NO_PROPOSAL_CHOSEN

May 19 14:26:20 office1 pluto[1145]: packet from 64.142.x.y:500:
received and ignored informational message

 

I have PIX's that have the exact same configuration as the current 515
but swapping 3DES and MD5 for AES and SHA1.  They work fine, but this
box seems to fail.  Let me know if you want PIX config information, I
will chop it out for you.

 

 

Thank you,

Trevor Benson

A1 Network Solutions

Office: 707-570-2021

Mobile: 707-479-2965

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20050519/37f6e354/attachment-0001.htm

More information about the Users mailing list