[Openswan Users] openSWAN to Cisco IOS

Paul Wouters paul at xelerance.com
Tue Nov 14 12:13:52 EST 2006


On Tue, 14 Nov 2006, Christian Brechbühler wrote:

> Similar problem here: trying to connect to a Cisco (no idea what model), we
> get to this:
> Nov 14 11:09:03 [pluto] "NYC" #6: initiating Quick Mode
> PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#5}
> Nov 14 11:09:03 [pluto] "NYC" #5: ignoring informational payload, type
> NO_PROPOSAL_CHOSEN
>
> The owner of the Cisco thing tells us that Cisco doesn't like quick mode, and
> that we have to disable quick mode in openswan.
>
> Does this sound right?  And if yes, how would I do it?

No, that sounds like someone does not know what they are talking about.
Ask the Cisco person for the following:

Mode (main or aggressive)
PFS (yes or no)
Phase 1 (3des/aes md5/sha1)
Phase 2 (3des/aes md5/sha1)
modp (aka DiffieHellman) group
src/dst (aka left/right) type and value of IDs (IP, string, X.509 DN)
subnets for src/dst (aka left/right)

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
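
The parameters listed in the reply above map onto Openswan ipsec.conf settings as sketched here. This is an added example, not part of the original post; the conn name is taken from the log, and every address, ID, subnet and algorithm choice is a constructed placeholder to be replaced with what the Cisco side reports.

```conf
# /etc/ipsec.conf fragment (added example; all values are placeholders)
conn NYC
    # Mode: aggrmode=no is main mode, aggrmode=yes is aggressive mode
    aggrmode=no
    # The log shows PSK authentication and tunnel mode
    authby=secret
    type=tunnel
    # PFS (yes or no): the log shows PFS being proposed; set per the Cisco answer
    pfs=yes
    # The log also shows COMPRESS being proposed; set per the Cisco answer
    compress=no
    # Phase 1: cipher, hash and modp (Diffie-Hellman) group
    ike=3des-sha1-modp1024
    # Phase 2: cipher and hash
    esp=3des-sha1
    # left = this Openswan gateway: address, ID type/value, protected subnet
    left=192.0.2.10
    leftid=192.0.2.10
    leftsubnet=10.1.0.0/24
    # right = the Cisco: address, ID type/value, protected subnet
    right=198.51.100.20
    rightid=198.51.100.20
    rightsubnet=10.2.0.0/24
    auto=add
```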

