[Openswan Users] openswan to Instagate

ACasella antony.casella at sand.com
Thu May 31 14:11:46 EDT 2007


I'm trying to interconnect a host-to-host connection to an instagate
firewall appliance (basically it looks like it runs either free or
openswan on redhat).

I think I am falling short on the IKE/ESP settings on the openswan side
in my configuration as I cannot initiate the connection.  

When I initiate an ipsec auto --up host-to-host from my openswan server,
the instagate appliance responds with NO_PROPOSAL_CHOSEN:

2007 May 31 13:49:17 instagate
****************************************************
2007 May 31 13:49:17 instagate 
2007 May 31 13:49:17 instagate **** RECEIVED  FIRST MESSAGE OF MAIN MODE **** 
2007 May 31 13:49:17 instagate 
2007 May 31 13:49:17 instagate <POLICY: > PAYLOADS: SA,PROP,TRANS,TRANS,TRANS,TRANS,VID,VID,VID,VID,VID,VID,VID
2007 May 31 13:49:17 instagate 
2007 May 31 13:49:17 instagate ERROR# NO MATCHING ISAKMP PROPOSAL FOR DIALUP CASE
2007 May 31 13:49:17 instagate 
2007 May 31 13:49:17 instagate SENDING NOTIFY MSG:
2007 May 31 13:49:17 instagate NO_PROPOSAL_CHOSEN
2007 May 31 13:49:17 instagate 
2007 May 31 13:49:17 instagate <POLICY: > PAYLOADS: NOTIFY
2007 May 31 13:49:17 instagate 
2007 May 31 13:49:17 instagate **** SENT OUT INFORMATIONAL EXCHANGE MESSAGE **** 
2007 May 31 13:49:17 instagate 

The instagate has limited choices for various IKE, DH and SPF.

The defaults are: 3DES enc, SHA-1 auth, DH2
and: 3DES enc, MD5 auth, DH2
Strict PFS is disabled.
Key refresh is 24 hours.
And key management is preshared key.

My conf is

conn host-to-host
    type=tunnel
    authby=secret
    left=207.61.yyy.yyy
    leftid=@yyyy
    leftnexthop=%defaultroute
    right=72.55.xxx.xxx
    rightid=@xxxx
    rightnexthop=%defaultroute
    esp=3des-md5-96,3des-sha1
    keyexchange=    ike
    pfs=            no
    auto=add

What conf settings am I getting wrong in this set up?

Thank you

Antony Casella
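
An added example, not part of the original post: a small Python check that compares the posted conn block against the two default proposals the appliance lists and reports, per phase, whether the proposals are pinned in the configuration. It assumes the listed defaults apply to both IKE and ESP; `ike=` is the ipsec.conf option for Phase 1 proposals, and the function names are hypothetical.

```python
import re

# Peer's defaults as listed in the post (DH2 is the 1024-bit MODP group, modp1024).
PEER_IKE = {("3des", "sha1", "modp1024"), ("3des", "md5", "modp1024")}
# Assumption: Phase 2 accepts the same cipher/hash pairs; the -96 suffix is ignored.
PEER_ESP = {("3des", "sha1"), ("3des", "md5")}

# Constructed input: the conn block from the post, with the masked addresses left out.
CONF = """\
conn host-to-host
    type=tunnel
    authby=secret
    esp=3des-md5-96,3des-sha1
    keyexchange=    ike
    pfs=            no
    auto=add
"""

def parse_conn(text):
    """Return {key: value} for the indented key=value lines of one conn section."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s+(\w+)\s*=\s*(\S.*?)\s*$", line)
        if m:
            opts[m.group(1)] = m.group(2)
    return opts

def split_proposals(value, width):
    """Split 'a-b-c,d-e' into tuples holding at most `width` fields each."""
    return [tuple(p.strip().lower().split("-")[:width])
            for p in value.split(",") if p.strip()]

def audit(text):
    """Per phase: is the proposal pinned, and which entries does the peer not list?"""
    opts = parse_conn(text)
    report = {}
    for key, allowed, width in (("ike", PEER_IKE, 3), ("esp", PEER_ESP, 2)):
        if key not in opts:
            # Not pinned: the daemon's built-in offer is sent for this phase.
            report[key] = {"pinned": False, "unlisted": []}
            continue
        props = split_proposals(opts[key], width)
        # An ike= entry without an explicit group is reported as unlisted too.
        report[key] = {"pinned": True,
                       "unlisted": [p for p in props if p not in allowed]}
    return report

if __name__ == "__main__":
    for phase, result in audit(CONF).items():
        print(phase, result)
```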



