[Openswan Users] openswan -vpn concentrator
cesar at queretaro.podernet.com.mx
Mon Feb 20 18:31:31 CET 2006
I have a VPN Concentrator Type 3005, Cisco Systems, Inc./VPN 3000 Concentrator Version 4.0.4.A
and Fedora Core 4 with Openswan. This is my configuration.
On the VPN Concentrator:
Configuration->System->Tunneling Protocols->IPSec->IKE Proposals
Proposal Name openswan
Authentication Mode Preshared Keys
Authentication Algorithm MD5/HMAC-128
Encryption Algorithm 3DES-168
Diffie-Hellman Group Group 2 (1024-bits)
Lifetime Measurement Time
Data Lifetime 10000
Time Lifetime 28800
Configuration->System->Tunneling Protocols->IPSec->IPSec Lan-to-Lan
Name openswan
Interface Ethernet 2 (Public)(64.64.64.64)
Peer 63.63.63.63
Digital Certificate None (Use Preshared Keys)
Preshared Key Amazingly secure secret key
Authentication ESP/MD5/HMAC-128
Encryption 3DES-168
IKE Proposal openswan
Filter --None--
IPSec NAT-T Unchecked
Bandwidth Policy --None--
Routing None
Local Network:
Network List Use IP Address/Wildcard-mask below
IP Address 10.13.1.0
Wildcard Mask 0.0.0.255
Remote Network:
Network List Use IP Address/Wildcard-mask below
IP Address 10.13.2.0
Wildcard Mask 0.0.0.255
Configuration->System->Tunneling Protocols->IPSec->IKE Proposals
SA Name L2L: openswan
Inheritance From Rule
Authentication Algorithm ESP/MD5/HMAC-128
Encryption Algorithm 3DES-168
Encapsulation Mode Tunnel
Perfect Forward Secrecy Group 2 (1024-bits)
Lifetime Measurement Time
Data Lifetime 10000
Time Lifetime 28800
IKE Parameters
IKE Peer 63.63.63.63
Negotiation Mode Main
Digital Certificate None (Use Preshared Keys)
IKE Proposal openswan
And on Fedora Core 4:
# basic configuration
config setup
    forwardcontrol=yes
    interfaces=%defaultroute
    nat_traversal=no
    uniqueids=yes
    plutowait=no
    plutodebug=all
    klipsdebug=all

conn concentrator
    authby=secret
    auto=add
    compress=no
    ikelifetime=8h
    keyingtries=0
    left=21.94.87.125
    leftid=21.94.87.125
    leftsubnet=172.16.34.0/24
    pfs=no
    right=1.2.3.4
    rightid=5.6.7.8
    rightsubnet=172.16.1.0/24
    type=tunnel
I have this error
04 "concentrator" #1: STATE_MAIN_I1: initiate
010 "concentrator" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
003 "concentrator" #1: ignoring unknown Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
106 "concentrator" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "concentrator" #1: received Vendor ID payload [Cisco-Unity]
003 "concentrator" #1: received Vendor ID payload [XAUTH]
003 "concentrator" #1: ignoring unknown Vendor ID payload [905b18e5c6ec9a879584e281d23c8414]
003 "concentrator" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
108 "concentrator" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "concentrator" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 "concentrator" #2: STATE_QUICK_I1: initiate
010 "concentrator" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "concentrator" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "concentrator" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 "concentrator" #2: starting keying attempt 2 of an unlimited number, but releasing whack
Any idea how to solve it?
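
Quick Mode completes only when both peers agree on the PFS setting and on the pair of protected subnets. The following is an added example, not part of the original post: it compares the conn section with the concentrator's LAN-to-LAN values exactly as they appear above. The dictionary key names are hypothetical, and the posted addresses may have been altered before posting.

```python
import ipaddress

# Constructed input: Phase 2 options of the conn section as posted.
OPENSWAN_CONN = """\
conn concentrator
    leftsubnet=172.16.34.0/24
    pfs=no
    rightsubnet=172.16.1.0/24
    type=tunnel
"""

# Constructed input: concentrator LAN-to-LAN values as posted.
# The key names are hypothetical, chosen for this example.
CONCENTRATOR = {
    "pfs": "Group 2 (1024-bits)",
    "local_net": ("10.13.1.0", "0.0.0.255"),
    "remote_net": ("10.13.2.0", "0.0.0.255"),
}

def parse_conn(text):
    """Return the key=value options of a single conn section."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def wildcard_net(ip, wildcard):
    """Convert a Cisco address/wildcard-mask pair to a network object."""
    return ipaddress.ip_network(f"{ip}/{wildcard}")

def phase2_mismatches(conn, peer):
    """List Quick Mode parameters on which the two ends disagree."""
    problems = []
    ours_pfs = conn.get("pfs", "yes") == "yes"  # Openswan defaults to pfs=yes
    peer_pfs = peer["pfs"].lower().startswith("group")
    if ours_pfs != peer_pfs:
        problems.append(f"pfs: openswan={conn.get('pfs', 'yes')} concentrator={peer['pfs']}")
    # left/right are interchangeable, so compare the subnet pairs as sets.
    ours = {ipaddress.ip_network(conn[k]) for k in ("leftsubnet", "rightsubnet")}
    theirs = {wildcard_net(*peer[k]) for k in ("local_net", "remote_net")}
    if ours != theirs:
        problems.append(f"subnets: openswan={sorted(map(str, ours))} "
                        f"concentrator={sorted(map(str, theirs))}")
    return problems

if __name__ == "__main__":
    for problem in phase2_mismatches(parse_conn(OPENSWAN_CONN), CONCENTRATOR):
        print("MISMATCH", problem)
```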