[Openswan Users] Problems CISCO PIX and OPENSWAN stuck in Phase 2

Brian Candler B.Candler at pobox.com
Mon Jun 5 17:11:19 CEST 2006


On Mon, Jun 05, 2006 at 05:04:37PM +0200, Javier Perez-Griffo wrote:
> 117 "ciemat" #2: STATE_QUICK_I1: initiate
> 010 "ciemat" #2: STATE_QUICK_I1: retransmission; will wait 20s for
> response

When I've seen this it turned out that the far end didn't like our proposal
(e.g. disagreement on cipher or PFS settings, or on the protected subnets).

tcpdump -v may show a NO_PROPOSAL_CHOSEN informative message. Debugging on
the Cisco side will give you more detailed information: in IOS it's

  debug crypto isakmp

but I expect there's something similar on the PIX.

HTH,

Brian.
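
The diagnosis described above, as an added example that is not part of the original message or of Openswan: a small classifier for `ipsec auto --up` status lines that separates a Quick Mode that is only retransmitting from one where the peer's NO_PROPOSAL_CHOSEN was logged. The "branch" and "lab" lines are constructed sample input, and the verdict names and function name are hypothetical.

```python
import re

# Status line shape: <3-digit code> "<conn>" #<serial>: <text>
# An optional "> " prefix is accepted so quoted mail excerpts can be pasted in.
LINE = re.compile(r'^\s*(?:>\s*)?(\d{3}) "([^"]+)" #(\d+): (.*)$')

UP = "up"                      # IPsec SA established
REJECTED = "proposal rejected" # NO_PROPOSAL_CHOSEN seen from the peer
STALLED = "stalled"            # Quick Mode retransmitting, no answer logged
PENDING = "pending"            # Quick Mode sent, nothing else seen yet

def diagnose_phase2(lines):
    """Map each connection that started Quick Mode to a verdict."""
    seen = {}
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # wrapped continuation lines and unrelated noise
        conn, text = m.group(2), m.group(4)
        c = seen.setdefault(conn, dict(quick=False, retrans=0, up=False, noprop=False))
        if "NO_PROPOSAL_CHOSEN" in text:
            c["noprop"] = True
        elif text.startswith("STATE_QUICK_I1:"):
            c["quick"] = True
            if "retransmission" in text:
                c["retrans"] += 1
        elif "IPsec SA established" in text:
            c["up"] = True
    verdicts = {}
    for conn, c in seen.items():
        if c["up"]:
            verdicts[conn] = UP
        elif c["noprop"]:
            verdicts[conn] = REJECTED  # compare cipher, PFS and subnets
        elif c["retrans"]:
            verdicts[conn] = STALLED   # check tcpdump -v / peer-side debug
        elif c["quick"]:
            verdicts[conn] = PENDING
    return verdicts

# First three lines are the excerpt quoted in the thread; the rest are constructed.
SAMPLE = [
    '> 117 "ciemat" #2: STATE_QUICK_I1: initiate',
    '> 010 "ciemat" #2: STATE_QUICK_I1: retransmission; will wait 20s for',
    '> response',
    '117 "branch" #2: STATE_QUICK_I1: initiate',
    '004 "branch" #2: STATE_QUICK_I2: sent QI2, IPsec SA established',
    '117 "lab" #2: STATE_QUICK_I1: initiate',
    '003 "lab" #2: ignoring informational payload, type NO_PROPOSAL_CHOSEN',
]
```

A "stalled" verdict only says the local log has no answer recorded; the packet capture or the peer's debug output is still needed to see why.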

