[Openswan Users] Policy Mismatch: Stuck on

Khan, Hammad Aslam raohammad at gmail.com
Thu Feb 28 01:24:05 EST 2008

Hi All,
I am supposed to connect to a Cisco VPN Concentrator 3000 series on the
remote end, with Linux Fedora Core 6 on my end with OpenVPN installed.

*While trying to connect to the remote end, I am stuck on:*
117 "connectionName" #2:STATE_QUICK_I1: initiate
010 "connectionName" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "connectionName" #2: STATE_QUICK_I1: retransmission; will wait 40s for response

*Remote End Company says (VPN Concentrator CISCO 3000 series)*
Please check your side policy. There is a mismatch.

14719 02/26/2008 13:07:45.600 SEV=4 IKE/61 RPT=40382 my.host.ip.add
Group [my.host.ip.add]
Tunnel rejected: Policy not found for Src:my.private.server.add, Dst: remote.private.ip.add

*My Connection Config*
conn connectionName
         authby=secret                   # secret key
         left=my.host.ip.add
         leftsubnet=my.private.server.add
         #leftnexthop=     # second eth of my OpenVPS machine connected to my private network
         right=              # my peer's external, internet-routable ip address=
         rightsubnet=remote.private.ip.add/32

config setup

*Connection that we were supposed to make (Remote End Credentials that
we need to match)*

Hardware:           Cisco VPN Concentrator 3000
DH Group:           Diffie-Hellman Group 2
Peer:
Encryption Domain:
Encryption:         3DES
Authentication:     MD5
Life Time:          86400 sec
PreShared Key:      "sharedKey"
Protocol:           ESP

*How am I supposed to change the policy to match the above-mentioned
connection credentials?*
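
An added example, not part of the original post: a small check that compares a conn section like the one above with the remote end's parameter sheet and lists what is missing or would not match in Quick Mode. The addresses are constructed stand-ins for the redacted ones, and `parse_conn`, `expected_algs` and `lint` are hypothetical helper names.

```python
# Constructed input: the post's conn section, with documentation/private
# addresses standing in for the redacted ones; right= is empty as posted.
SAMPLE_CONF = """\
conn connectionName
    authby=secret                 # secret key
    left=192.0.2.10
    leftsubnet=10.1.1.5
    right=                        # peer's external address
    rightsubnet=10.2.2.7/32
"""
# Values taken from the remote end's sheet in the post.
PEER_SHEET = {"encryption": "3DES", "authentication": "MD5", "dh_group": 2}
# IKE Diffie-Hellman group number -> Openswan modp name.
MODP = {1: "modp768", 2: "modp1024", 5: "modp1536"}

def parse_conn(text):
    """Return the key=value options of one conn section, comments stripped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def expected_algs(sheet):
    """Express the sheet in Openswan's ike=/esp= proposal syntax."""
    enc, auth = sheet["encryption"].lower(), sheet["authentication"].lower()
    return {"ike": f"{enc}-{auth}-{MODP[sheet['dh_group']]}", "esp": f"{enc}-{auth}"}

def lint(opts, sheet):
    findings = []
    for key in ("left", "right"):
        if not opts.get(key):
            findings.append(f"{key}= is empty")
    for key in ("leftsubnet", "rightsubnet"):
        value = opts.get(key, "")
        if value and "/" not in value:
            findings.append(f"{key}={value} has no /mask; selectors must equal the peer's network list")
    for key, want in expected_algs(sheet).items():
        got = opts.get(key)
        if got is None:
            findings.append(f"{key}= not set; the sheet corresponds to {key}={want}")
        elif got.lower() != want:
            findings.append(f"{key}={got} differs from the sheet ({want})")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_conn(SAMPLE_CONF), PEER_SHEET):
        print("-", finding)
```

The sheet does not say whether the 86400 sec lifetime applies to phase 1 or phase 2, so the check leaves lifetimes out.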
