[Openswan Users] Connecting RH9 <-> Cisco
Oliver Schulze L.
oliver at samera.com.py
Tue Nov 1 18:28:29 CET 2005
Hi Paul,
just for documentation, here is the error I get when connecting to the
Cisco router:
# ipsec auto --up ipsec1
104 "ipsec1" #1: STATE_MAIN_I1: initiate
106 "ipsec1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "ipsec1" #1: ignoring Vendor ID payload [Cisco-Unity]
003 "ipsec1" #1: received Vendor ID payload [Dead Peer Detection]
003 "ipsec1" #1: ignoring Vendor ID payload [9cc83e6429429743...]
003 "ipsec1" #1: received Vendor ID payload [XAUTH]
108 "ipsec1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "ipsec1" #1: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
010 "ipsec1" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
003 "ipsec1" #1: encrypted Informational Exchange message is invalid because it is for incomplete ISAKMP SA
010 "ipsec1" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
I'm not in the works of trying the new openswan 2.4.0 using the .rpms
from atrpms provided by Mitja.
Oliver
Paul Wouters wrote:
>On Mon, 31 Oct 2005, Oliver Schulze L. wrote:
>
>>I need to connect a Cisco router with RedHat 9 using IPSEC.
>>I wonder if someone has some tips on this kind of setup?
>>
>>I'm planning on using openswan 1.0.3 with the kernel provided by openswan.org
>
>openswan-1.0.3 should not be used. It has some security vulnerabilities. If
>you really want to use openswan-1 (which will be EOL'ed at the end of this
>year and is currently in maintenance mode only for security updates), use
>1.0.10rc2. It won't work on 2.6 kernels, and NAT-T will be broken.
>
>You are better off using openswan-2.
>
>Paul
>
--
Oliver Schulze L.
<oliver at samera.com.py>