[Openswan Users] Using Openswan 2.4.0 with a Watchguard Firebox II
Paul Wouters
paul at xelerance.com
Tue Jan 17 00:45:44 CET 2006
On Mon, 16 Jan 2006, Jason Green wrote:
> Here's the error lists that I get on my Watchguard System Manager:
>
> From <my remote ip> AG-HDR ISA_SA ISA_KE ISA_NONCE ISA_ID ISA_VENDORID
> Proposal is unacceptable: mess_id=0
> Sending NO_PROPOSAL_CHOSEN message
> Error processing (sa)
> Agresssive Mode processing failed
> Header invalid (unable to verify, msg = ISA_SA)
Try using Main Mode instead of Aggressive Mode? It's more secure and more flexible.
With Aggressive mode, you have to get the parameters right in the first packet,
there is no room for negotiation.
> 003 "my_connection" #1: multiple transforms were set in aggressive mode.
> Only first one used.
Which openswan is warning you about.
> aggrmode=yes
> auto=add
> ike=3des-sha1
> pfs=yes
Here there is only one ike= specified. This does not match with your logs?
Paul