[Openswan Users] openSWAN to Cisco IOS
Andy Gay
andy at andynet.net
Tue Nov 14 12:17:14 EST 2006
On Tue, 2006-11-14 at 11:54 -0500, Christian Brechbühler wrote:
> On 8/22/06, Andy Gay <andy at andynet.net> wrote:
> On Tue, 2006-08-22 at 11:53 -0400, Glenn Henshaw wrote:
> > What can cause the "NO_PROPOSAL_CHOSEN" message from the Cisco?
> >
> The 2 ends can't agree on phase2 parameters. Everything has to match -
> left/right subnets, encryption/authentication algorithms, PFS, probably
> more...
>
> Similar problem here: trying to connect to a Cisco (no idea what
> model), we get to this:
> Nov 14 11:09:03 [pluto] "NYC" #6: initiating Quick Mode PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#5}
> Nov 14 11:09:03 [pluto] "NYC" #5: ignoring informational payload, type NO_PROPOSAL_CHOSEN
>
> The owner of the Cisco thing tells us that Cisco doesn't like quick
> mode, and that we have to disable quick mode in openswan.
>
Huh?
> Does this sound right?
No. Quick mode is also called phase 2, it's where the IPsec SA gets set
up.
As with the previous poster, you evidently have a mismatch with your
phase 2 parameters. Check that everything matches.
> And if yes, how would I do it?
>
> Thank you!
> /Christian
>
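
Added example (not part of the original thread and not Openswan code): a small Python script that pairs each "initiating Quick Mode" line with the NO_PROPOSAL_CHOSEN notification received on the same ISAKMP SA, then lists the phase 2 settings to compare with the peer. The function name and the flag-to-setting table are assumptions made for this illustration; the sample input is the two pluto lines quoted above, unwrapped.

```python
import re

# Pluto policy flags that shape the phase 2 proposal, with the ipsec.conf
# setting behind each and what the peer has to agree to (assumed mapping).
FLAG_CHECKS = {
    "ENCRYPT": "ESP requested: peer must offer the same cipher/hash as esp=",
    "COMPRESS": "compress=yes: peer must accept IPComp, else set compress=no",
    "TUNNEL": "type=tunnel: peer must also use tunnel mode",
    "PFS": "pfs=yes: peer must enable PFS with a matching DH group",
}
QM_RE = re.compile(r'"(?P<conn>[^"]+)" #(?P<sa>\d+): initiating Quick Mode '
                   r'(?P<flags>[A-Z0-9_+]+) \{using isakmp#(?P<isakmp>\d+)\}')
NPC_RE = re.compile(r'"(?P<conn>[^"]+)" #(?P<sa>\d+): ignoring informational '
                    r'payload, type NO_PROPOSAL_CHOSEN')

# The two pluto lines quoted in the thread, unwrapped.
SAMPLE = [
    'Nov 14 11:09:03 [pluto] "NYC" #6: initiating Quick Mode '
    'PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#5}',
    'Nov 14 11:09:03 [pluto] "NYC" #5: ignoring informational payload, '
    'type NO_PROPOSAL_CHOSEN',
]

def rejected_quick_modes(lines):
    """Return (conn, quick_mode_sa, checks) for every Quick Mode attempt that
    was answered by NO_PROPOSAL_CHOSEN on the ISAKMP SA it was sent over."""
    pending = {}  # (conn, isakmp SA number) -> (quick mode SA number, flags)
    findings = []
    for line in lines:
        m = QM_RE.search(line)
        if m:
            pending[(m["conn"], m["isakmp"])] = (m["sa"], m["flags"].split("+"))
            continue
        m = NPC_RE.search(line)
        if m and (m["conn"], m["sa"]) in pending:
            qm_sa, flags = pending.pop((m["conn"], m["sa"]))
            checks = [FLAG_CHECKS[f] for f in flags if f in FLAG_CHECKS]
            checks.append("leftsubnet/rightsubnet must mirror the peer's networks")
            findings.append((m["conn"], qm_sa, checks))
    return findings

if __name__ == "__main__":
    for conn, sa, checks in rejected_quick_modes(SAMPLE):
        print(f'conn "{conn}" quick mode #{sa} rejected; compare with the peer:')
        for check in checks:
            print("  -", check)
```

For the log in this thread the list includes COMPRESS and PFS, two settings that are easy to overlook when only the subnets and algorithms have been compared.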