[Openswan Users] Tunnel to Cisco 1721
Markus Winkler
m at rkus-winkler.de
Thu Sep 21 14:48:15 EDT 2006
Hi,
I want to establish a tunnel from Openswan 2.4.5 to a Cisco 1721. It's a
tunnel with PSK, 3DES-MD5, PFS. We compared all the relevant settings
(lifetime, psk etc.) all is identical.
The problem:
Openswan-log:
pluto[4128]: "peer" #2: initiating Main Mode
pluto[4128]: "peer" #2: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2
pluto[4128]: "peer" #2: STATE_MAIN_I2: sent MI2, expecting MR2
pluto[4128]: "peer" #2: received Vendor ID payload [Cisco-Unity]
pluto[4128]: "peer" #2: received Vendor ID payload [Dead Peer Detection]
pluto[4128]: "peer" #2: ignoring unknown Vendor ID payload
[4f7215dfac6272a13c5177df4cc28213]
pluto[4128]: "peer" #2: received Vendor ID payload [XAUTH]
pluto[4128]: "peer" #2: I did not send a certificate because I do not
have one.
pluto[4128]: "peer" #2: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3
pluto[4128]: "peer" #2: STATE_MAIN_I3: sent MI3, expecting MR3
pluto[4128]: "peer" #2: Informational Exchange message is invalid
because it has a Message ID of 0
pluto[4128]: "peer" #2: Informational Exchange message is invalid
because it has a Message ID of 0
pluto[4128]: "peer": terminating SAs using this connection
pluto[4128]: "peer" #2: deleting state (STATE_MAIN_I3)
The Cisco-box says:
%CRYPTO-6-IKMP_NOT_ENCRYPTED: IKE packet from xx.xx.xx.xx was not
encrypted and it should've been.
Cisco says:
Explanation: A portion of the IKE exchange takes place using clear text,
and a portion is encrypted. This message should have been encrypted but
was not.
Recommended Action: Contact the remote peer.
Hmm, the remote peer is me ... ;-)
Something's wrong in phase1, but what? I searched and searched, but
cannot find a solution.
Any ideas? Did anyone see such error-messages?
Thanks and
kind regards,
Markus
More information about the Users
mailing list