[Openswan Users] Policy Mismatch: Stuck on

Khan, Hammad Aslam raohammad at gmail.com
Thu Feb 28 01:25:17 EST 2008 

Correction

On Thu, Feb 28, 2008 at 11:24 AM, Khan, Hammad Aslam <raohammad at gmail.com>
wrote:

> Hi All,
> I am supposed to connect to a VPN Concentrator 3000 series CISCO on remote end and Linux Fedora Core 6 on my End with OpenSWAN installed;
>
> *While trying to connect to remote end; I stuck on *
> 117 "connectionName" #2:STATE_QUICK_I1: initiate
>
> 010 "connectionName" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
>
> 010 "connectionName" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
>
> *Remote End Company says (VPN Concentrator CISCO 3000 series)*
> Please check your side policy. There is a miss match.
>
> 14719 02/26/2008 13:07:45.600 SEV=4 IKE/61 RPT=40382  <http://58.27.207.70/>my.host.ip.add <http://58.27.207.70/>
>
> Group [my.host.ip.add <http://58.27.207.70/>]
>
> Tunnel rejected: Policy not found for Src:my.private.server.add <http://10.5.125.105/>, Dst: remote.private.ip.add <http://172.18.104.244/>!
>
>
> *My Connection Config*
> conn connectionName
>          type=tunnel
>          authby=secret                   # secret key
>
>          auth=esp
>          pfs=no
>          esp=3des-md5-96
>          left=my.host.ip.add <http://58.27.207.70/>             #
>
>          leftsubnet=my.private.server.add <http://10.5.125.105/>
>
>          #leftnexthop=192.168.100.11     #second eth of my OpenVPS machine connected to my provate network
>          right=202.69.9.240              # my peer's external, internet-routable ip address=
>
>          rightsubnet= remote.private.ip.add <http://172.18.104.244/>/32
>
>
> config setup
>         interfaces="ipsec0=eth0"
>         plutodebug="all"
>
> *Connection that we were supposed to make (Remote End Credentials that we need to match)*
>
>  Hardware Cisco VPN Concentrator 3000  DH Group Diffie-Helman Group 2  Production
> Peer 6.6.6.6  Encryption Domain 172.18.104.244  Encryption 3DES
> Authentication MD5  Life Time 86400 sec  PreShared Key "sharedKey"
>  Protocol ESP
>
>
> *
> *How am I supposed to change policy to match above mentioned connection credentials.*
>
> Regards,
> *
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080228/7960f6c2/attachment.html

More information about the Users mailing list