[Openswan Users] Cisco Concentrator 3005 to Openswan

ACasella antony.casella at sand.com
Mon Jun 11 10:34:55 EDT 2007


Hello,
I am now trying to connect an Openswan server that I control to what I
am told is a Cisco 3005 concentrator.

I am using Linux Openswan U2.4.5/K2.6.20-1.2948.fc6 (netkey)

I was given the following information from the Cisco Admin:

# Public IP address of our VPN Concentrator - 137.186.xxx.xxx
# SA used - ESP-3DES-MD5
# Username - Some_Username
# Password - somepassword


I set up my .conf file as follows:

conn host-to-host
    type=tunnel
    authby=secret
    left=72.55.yyy.yyy
    leftnexthop=%defaultroute
    right=137.186.xxx.xxx
    rightnexthop=%defaultroute
    ike=3des-md5-modp1024
    esp=3des-md5
    keyexchange=ike
    pfs=yes
    auto=add

In my ipsec.secrets I have:

72.55.yyy.yyy 137.186.xxx.xxx : PSK "somepassword"

I don't know where to place the "username" so I ran ipsec auto --up
host-to-host to see the outcome.

[root@secure ipsec.d]#  ipsec auto --up host-to-host
104 "host-to-host" #1: STATE_MAIN_I1: initiate
003 "host-to-host" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
003 "host-to-host" #1: ignoring unknown Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
106 "host-to-host" #1: STATE_MAIN_I2: sent MI2, expecting MR2
010 "host-to-host" #1: STATE_MAIN_I2: retransmission; will wait 20s for response
003 "host-to-host" #1: ignoring informational payload, type INVALID_COOKIE
003 "host-to-host" #1: received and ignored informational message
010 "host-to-host" #1: STATE_MAIN_I2: retransmission; will wait 40s for response
003 "host-to-host" #1: ignoring informational payload, type INVALID_COOKIE
003 "host-to-host" #1: received and ignored informational message
031 "host-to-host" #1: max number of retransmissions (2) reached STATE_MAIN_I2
000 "host-to-host" #1: starting keying attempt 2 of an unlimited number, but releasing whack
[root@secure ipsec.d]#


Is this Cisco VPN 3005 with a password even supported?  If so, how?
Also, what does the INVALID COOKIE mean?


Thank you

Antony Casella
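
Added example, not part of the original post and not Openswan code: a small Python triage of the `ipsec auto --up` output above that reports the IKEv1 Main Mode state where negotiation stalled, how often pluto retransmitted, and which notifications the peer sent. The names `triage` and `MAIN_MODE` are hypothetical; the sample input is the post's log with mail-wrapped lines rejoined.

```python
import re
from collections import Counter

# Constructed input: the whack status lines from the post, wrapped lines rejoined.
SAMPLE = '''\
104 "host-to-host" #1: STATE_MAIN_I1: initiate
003 "host-to-host" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
003 "host-to-host" #1: ignoring unknown Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000]
106 "host-to-host" #1: STATE_MAIN_I2: sent MI2, expecting MR2
010 "host-to-host" #1: STATE_MAIN_I2: retransmission; will wait 20s for response
003 "host-to-host" #1: ignoring informational payload, type INVALID_COOKIE
003 "host-to-host" #1: received and ignored informational message
010 "host-to-host" #1: STATE_MAIN_I2: retransmission; will wait 40s for response
003 "host-to-host" #1: ignoring informational payload, type INVALID_COOKIE
003 "host-to-host" #1: received and ignored informational message
031 "host-to-host" #1: max number of retransmissions (2) reached STATE_MAIN_I2
000 "host-to-host" #1: starting keying attempt 2 of an unlimited number, but releasing whack
'''

# IKEv1 Main Mode, initiator side: what has been sent and what is awaited.
MAIN_MODE = {
    "STATE_MAIN_I1": "sent MI1 (SA proposal), awaiting MR1",
    "STATE_MAIN_I2": "sent MI2 (key exchange + nonce), awaiting MR2",
    "STATE_MAIN_I3": "sent MI3 (encrypted identity + auth), awaiting MR3",
    "STATE_MAIN_I4": "ISAKMP SA established",
}
LINE = re.compile(r'^\d{3} "[^"]*" #\d+: (.*)$')

def triage(text):
    """Summarise one negotiation attempt from whack status output."""
    state, retrans, notifies, gave_up = None, 0, Counter(), False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts, blank lines
        msg = m.group(1)
        s = re.match(r"(STATE_\w+):", msg)
        if s:
            state = s.group(1)
            if "retransmission;" in msg:
                retrans += 1
        # e.g. INVALID_COOKIE: ISAKMP notify type 4 (RFC 2408), sent when the
        # header cookies match no exchange known to the sender.
        n = re.search(r"informational payload, type (\w+)", msg)
        if n:
            notifies[n.group(1)] += 1
        gave_up = gave_up or msg.startswith("max number of retransmissions")
    return {"stalled_in": state, "meaning": MAIN_MODE.get(state, "unknown"),
            "retransmissions": retrans, "peer_notifications": dict(notifies),
            "gave_up": gave_up}
```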


