[Openswan Users] Policy Mismatch: Stuck on

Khan, Hammad Aslam raohammad at gmail.com
Thu Feb 28 01:24:05 EST 2008


Hi All,
I am supposed to connect to a VPN Concentrator 3000 series CISCO on
remote end and Linux Fedora Core 6 on my End with OpenVPN installed;

*While trying to connect to remote end; I stuck on *
117 "connectionName" #2:STATE_QUICK_I1: initiate
010 "connectionName" #2: STATE_QUICK_I1: retransmission; will wait 20s
for response
010 "connectionName" #2: STATE_QUICK_I1: retransmission; will wait 40s
for response

*Remote End Company says (VPN Concentrator CISCO 3000 series)*
Please check your side policy. There is a miss match.

14719 02/26/2008 13:07:45.600 SEV=4 IKE/61 RPT=40382
<http://58.27.207.70/>my.host.ip.add <http://58.27.207.70/>

Group [my.host.ip.add <http://58.27.207.70/>]

Tunnel rejected: Policy not found for Src:my.private.server.add
<http://10.5.125.105/>, Dst: remote.private.ip.add
<http://172.18.104.244/>!


*My Connection Config*
conn connectionName
         type=tunnel
         authby=secret                   # secret key
         auth=esp
         pfs=no
         esp=3des-md5-96
         left=my.host.ip.add <http://58.27.207.70/>             #
         leftsubnet=my.private.server.add <http://10.5.125.105/>
         #leftnexthop=192.168.100.11     #second eth of my OpenVPS
machine connected to my provate network
         right=202.69.9.240              # my peer's external,
internet-routable ip address=
         rightsubnet= remote.private.ip.add <http://172.18.104.244/>/32


config setup
        interfaces="ipsec0=eth0"
        plutodebug="all"

*Connection that we were supposed to make (Remote End Credentials that
we need to match)*

 Hardware Cisco VPN Concentrator 3000  DH Group Diffie-Helman Group 2
Production
Peer 6.6.6.6  Encryption Domain 172.18.104.244  Encryption 3DES
Authentication MD5  Life Time 86400 sec  PreShared Key "sharedKey"
 Protocol ESP


*
*How am I supposed to change policy to match above mentioned
connection credentials.*

Regards,
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080228/b8582e53/attachment.html 


More information about the Users mailing list