[Openswan Users] Connecting RH9 <-> Cisco

Paul Wouters paul at xelerance.com
Tue Nov 1 23:47:53 CET 2005


On Tue, 1 Nov 2005, Oliver Schulze L. wrote:

> just for documentation, here is the error I get when connecting to the Cisco
> router:
>
> # ipsec auto --up ipsec1
> 104 "ipsec1" #1: STATE_MAIN_I1: initiate
> 106 "ipsec1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 003 "ipsec1" #1: ignoring Vendor ID payload [Cisco-Unity]
> 003 "ipsec1" #1: received Vendor ID payload [Dead Peer Detection]
> 003 "ipsec1" #1: ignoring Vendor ID payload [9cc83e6429429743...]
> 003 "ipsec1" #1: received Vendor ID payload [XAUTH]
> 108 "ipsec1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 003 "ipsec1" #1: encrypted Informational Exchange message is invalid because
> it is for incomplete ISAKMP SA
> 010 "ipsec1" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
> 003 "ipsec1" #1: encrypted Informational Exchange message is invalid because
> it is for incomplete ISAKMP SA
> 010 "ipsec1" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
>
> I'm not in the works of trying the new openswan 2.4.0 using the .rpms from
> atrpms provided by Mitja

Ask your Cisco administrator what the parameters of your connection should be.
It looks like you need XAUTH, see doc/XAUTH*. You might also need Aggressive mode.

Paul
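
An added example, not part of the original thread and not Openswan code: a small Python triage of the `ipsec auto --up` output quoted above, which flags a Main Mode exchange stalled at STATE_MAIN_I3 against a peer that advertises XAUTH. The sample is a constructed, abridged copy of the quoted log; `triage` and its field names are hypothetical.

```python
import re

# Constructed sample: abridged copy of the pluto output quoted in the message,
# keeping the mail client's line wrap in the "Informational Exchange" line.
SAMPLE = """\
104 "ipsec1" #1: STATE_MAIN_I1: initiate
106 "ipsec1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "ipsec1" #1: ignoring Vendor ID payload [Cisco-Unity]
003 "ipsec1" #1: received Vendor ID payload [Dead Peer Detection]
003 "ipsec1" #1: received Vendor ID payload [XAUTH]
108 "ipsec1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "ipsec1" #1: encrypted Informational Exchange message is invalid because
it is for incomplete ISAKMP SA
010 "ipsec1" #1: STATE_MAIN_I3: retransmission; will wait 20s for response
010 "ipsec1" #1: STATE_MAIN_I3: retransmission; will wait 40s for response
"""

LINE = re.compile(r'^(\d{3}) "([^"]+)" #(\d+): (.*)$')  # code, conn, SA number, text
STATE = re.compile(r'^(STATE_\w+): (.*)$')
VENDOR = re.compile(r'^(?:received|ignoring) Vendor ID payload \[(.+)\]$')

def triage(text):
    """Summarise one IKE negotiation from `ipsec auto --up` output."""
    logical = []
    for raw in text.splitlines():
        if LINE.match(raw):
            logical.append(raw.strip())
        elif logical and raw.strip():
            logical[-1] += " " + raw.strip()  # re-join a wrapped line
    out = {"state": None, "retransmits": 0, "vendor_ids": [],
           "dropped_info": 0, "hints": []}
    for line in logical:
        msg = LINE.match(line).group(4)
        if (s := STATE.match(msg)):
            out["state"] = s.group(1)
            out["retransmits"] += int("retransmission" in s.group(2))
        elif (v := VENDOR.match(msg)):
            out["vendor_ids"].append(v.group(1))
        elif "Informational Exchange" in msg and "incomplete ISAKMP SA" in msg:
            out["dropped_info"] += 1
    stalled = out["state"] == "STATE_MAIN_I3" and out["retransmits"] > 0
    if stalled and out["dropped_info"]:
        out["hints"].append("MI3 unanswered while the peer sends Informational "
                            "messages: confirm connection parameters with the peer admin")
    if stalled and "XAUTH" in out["vendor_ids"]:
        out["hints"].append("peer advertises XAUTH: XAUTH and possibly "
                            "Aggressive mode may be required")
    return out
```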

