[Openswan Users] openSWAN to Cisco IOS

Peter McGill petermcgill at goco.net
Tue Nov 14 12:36:05 EST 2006


> Similar problem here: trying to connect to a Cisco (no idea what model), we
> get to this:
> Nov 14 11:09:03 [pluto] "NYC" #6: initiating Quick Mode
> PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#5}
> Nov 14 11:09:03 [pluto] "NYC" #5: ignoring informational payload, type
> NO_PROPOSAL_CHOSEN

> The owner of the Cisco thing tells us that Cisco doesn't like quick mode, and
> that we have to disable quick mode in openswan.

I believe your Cisco owner is mistaken; as far as I know, all IPSec uses
Quick Mode, although Cisco might not refer to it by that name.
You obviously have your authentication (phase 1/main mode) configuration
all right; now you need to match your encryption/tunnel/ipsec/phase 2/quick mode
configurations.
If you have an ike= line in your openswan conf, try adding a similar esp= line.
For example,
if ike=3des-sha1-modp1024
set esp=3des-sha1
The real problem is the "NO_PROPOSAL_CHOSEN", which means you're
not agreeing on what encryption method to use.
What does your ISAKMP SA established log line say?
Use the same encryption method in your esp line.

Peter McGill
Software Developer / Network Administrator
Gra Ham Energy Limited
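
Added example (not part of the original post): a small Python script that reads pluto log lines, takes the algorithms from the "ISAKMP SA established" line, and prints matching ike=/esp= lines for any connection that then received NO_PROPOSAL_CHOSEN. The sample log is constructed, and the layout of the "{auth=... cipher=... prf=... group=...}" field and the name mapping tables are assumptions about pluto's output.

```python
import re

# Constructed sample in the style of pluto log output; the field layout of
# the "ISAKMP SA established {...}" line is an assumption about the format.
SAMPLE_LOG = '''\
Nov 14 11:09:03 [pluto] "NYC" #5: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Nov 14 11:09:03 [pluto] "NYC" #6: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#5}
Nov 14 11:09:03 [pluto] "NYC" #5: ignoring informational payload, type NO_PROPOSAL_CHOSEN
'''

# Assumed mapping from pluto's phase 1 names to ike=/esp= keywords.
CIPHERS = {"oakley_3des_cbc": "3des", "aes": "aes"}
HASHES = {"oakley_sha": "sha1", "oakley_md5": "md5"}

SA_RE = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: .*ISAKMP SA established '
    r'\{.*cipher=(?P<cipher>[a-z0-9_]+?)_(?P<bits>\d+) '
    r'prf=(?P<prf>\w+) group=(?P<group>\w+)\}')
REJECT_RE = re.compile(r'"(?P<conn>[^"]+)" #\d+: .*NO_PROPOSAL_CHOSEN')

def suggest_proposals(log_text):
    """Return {conn: {"ike": ..., "esp": ...}} for connections whose phase 1
    succeeded but whose phase 2 proposal was then rejected."""
    phase1, result = {}, {}
    for line in log_text.splitlines():
        m = SA_RE.search(line)
        if m:
            cipher = CIPHERS.get(m["cipher"])
            digest = HASHES.get(m["prf"])
            if cipher and digest:  # skip algorithms outside the assumed tables
                if cipher == "aes":
                    cipher += m["bits"]  # e.g. aes128
                phase1[m["conn"]] = (cipher, digest, m["group"])
            continue
        m = REJECT_RE.search(line)
        if m and m["conn"] in phase1:
            cipher, digest, group = phase1[m["conn"]]
            result[m["conn"]] = {
                "ike": f"{cipher}-{digest}-{group}",
                "esp": f"{cipher}-{digest}",  # same cipher and hash for phase 2
            }
    return result

if __name__ == "__main__":
    for conn, p in suggest_proposals(SAMPLE_LOG).items():
        print(f'conn {conn}\n    ike={p["ike"]}\n    esp={p["esp"]}')
```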

