[Openswan Users] Tunnel to Cisco 1721

Markus Winkler m at rkus-winkler.de
Thu Sep 21 14:48:15 EDT 2006


Hi,

I want to establish a tunnel from Openswan 2.4.5 to a Cisco 1721. It's a
tunnel with PSK, 3DES-MD5, PFS. We compared all the relevant settings
(lifetime, PSK, etc.); all are identical.

The problem:

Openswan-log:

pluto[4128]: "peer" #2: initiating Main Mode
pluto[4128]: "peer" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
pluto[4128]: "peer" #2: STATE_MAIN_I2: sent MI2, expecting MR2
pluto[4128]: "peer" #2: received Vendor ID payload [Cisco-Unity]
pluto[4128]: "peer" #2: received Vendor ID payload [Dead Peer Detection]
pluto[4128]: "peer" #2: ignoring unknown Vendor ID payload [4f7215dfac6272a13c5177df4cc28213]
pluto[4128]: "peer" #2: received Vendor ID payload [XAUTH]
pluto[4128]: "peer" #2: I did not send a certificate because I do not have one.
pluto[4128]: "peer" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
pluto[4128]: "peer" #2: STATE_MAIN_I3: sent MI3, expecting MR3
pluto[4128]: "peer" #2: Informational Exchange message is invalid because it has a Message ID of 0
pluto[4128]: "peer" #2: Informational Exchange message is invalid because it has a Message ID of 0
pluto[4128]: "peer": terminating SAs using this connection
pluto[4128]: "peer" #2: deleting state (STATE_MAIN_I3)


The Cisco-box says:
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from xx.xx.xx.xx was not encrypted and it should've been.

Cisco says:
Explanation: A portion of the IKE exchange takes place using clear text,
and a portion is encrypted. This message should have been encrypted but
was not.
Recommended Action: Contact the remote peer.

Hmm, the remote peer is me ... ;-)

Something's wrong in phase1, but what? I searched and searched, but
cannot find a solution.

Any ideas? Did anyone see such error messages?

Thanks and
kind regards,

Markus
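
Added example, not part of the original post: a small Python triage of a pluto log like the one above that tolerates hard-wrapped lines and reports, per SA, the last Main Mode state reached, how many Informational messages were rejected, and whether the SA was deleted at the first encrypted step. The function names and the sample string are constructed here; the one protocol fact assumed is that MI3 is the first encrypted Main Mode message in IKEv1.

```python
import re

# Constructed sample: pluto lines as in the post, hard-wrapped as a mail client would.
SAMPLE_LOG = '''\
pluto[4128]: "peer" #2: initiating Main Mode
pluto[4128]: "peer" #2: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2
pluto[4128]: "peer" #2: STATE_MAIN_I2: sent MI2, expecting MR2
pluto[4128]: "peer" #2: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3
pluto[4128]: "peer" #2: STATE_MAIN_I3: sent MI3, expecting MR3
pluto[4128]: "peer" #2: Informational Exchange message is invalid
because it has a Message ID of 0
pluto[4128]: "peer" #2: Informational Exchange message is invalid
because it has a Message ID of 0
pluto[4128]: "peer" #2: deleting state (STATE_MAIN_I3)
'''

# In IKEv1 Main Mode, MI3 (sent on entering STATE_MAIN_I3) is the first encrypted message.
ENCRYPTED_FROM = "STATE_MAIN_I3"
ENTRY = re.compile(r'^pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)$')

def unwrap(text):
    """Rejoin wrapped continuation lines (those not starting with 'pluto[')."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("pluto[") or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def triage(text):
    """Per (connection, SA#): last state, rejected informationals, deletion."""
    result = {}
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:  # lines without an SA number are not tied to one negotiation
            continue
        st = result.setdefault((m["conn"], int(m["sa"])),
                               {"state": None, "rejected_info": 0, "deleted": False})
        t = re.search(r"transition from state \S+ to state (\S+)", m["msg"])
        if t:
            st["state"] = t.group(1)
        elif "Informational Exchange message is invalid" in m["msg"]:
            st["rejected_info"] += 1
        elif m["msg"].startswith("deleting state"):
            st["deleted"] = True
        st["failed_at_encrypted_step"] = st["deleted"] and st["state"] == ENCRYPTED_FROM
    return result
```

For the log in this post, `triage` reports SA #2 as deleted in STATE_MAIN_I3 with two rejected Informational messages, which lines up with the Cisco side complaining about a packet that should have been encrypted.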

