[Openswan Users] Policy Mismatch: Stuck on

Sebastien COUPPEY sebastien.couppey at zero9.it
Fri Feb 29 06:49:57 EST 2008


You don't put the IKE parameter?
Me, with the Cisco VPN3030, I have forced:

    ikelifetime=24h
    keylife=28800
    ike=3des-sha1-modp1024
    esp=3des-sha1
    pfs=no
    dpddelay=30
    dpdtimeout=120
    dpdaction=restart
    auto=start




On Thu, Feb 28, 2008 at 11:25:17AM +0500, Khan, Hammad Aslam wrote:
> Correction
> 
> On Thu, Feb 28, 2008 at 11:24 AM, Khan, Hammad Aslam <raohammad at gmail.com>
> wrote:
> 
> > Hi All,
> > I am supposed to connect to a VPN Concentrator 3000 series CISCO on remote end and Linux Fedora Core 6 on my End with OpenSWAN installed;
> >
> > *While trying to connect to the remote end, I am stuck on:*
> > 117 "connectionName" #2:STATE_QUICK_I1: initiate
> >
> > 010 "connectionName" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
> >
> > 010 "connectionName" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
> >
> > *Remote End Company says (VPN Concentrator CISCO 3000 series)*
> > Please check your side policy. There is a mismatch.
> >
> > 14719 02/26/2008 13:07:45.600 SEV=4 IKE/61 RPT=40382  my.host.ip.add
> >
> > Group [my.host.ip.add]
> >
> > Tunnel rejected: Policy not found for Src:my.private.server.add, Dst: remote.private.ip.add!
> >
> >
> > *My Connection Config*
> > conn connectionName
> >          type=tunnel
> >          authby=secret                   # secret key
> >
> >          auth=esp
> >          pfs=no
> >          esp=3des-md5-96
> >          left=my.host.ip.add             #
> >
> >          leftsubnet=my.private.server.add
> >
> >          #leftnexthop=192.168.100.11     #second eth of my OpenVPS machine connected to my private network
> >          right=202.69.9.240              # my peer's external, internet-routable ip address
> >
> >          rightsubnet=remote.private.ip.add/32
> >
> >
> > config setup
> >         interfaces="ipsec0=eth0"
> >         plutodebug="all"
> >
> > *Connection that we were supposed to make (Remote End Credentials that we need to match)*
> >
> >  Hardware:          Cisco VPN Concentrator 3000
> >  DH Group:          Diffie-Hellman Group 2
> >  Production Peer:   6.6.6.6
> >  Encryption Domain: 172.18.104.244
> >  Encryption:        3DES
> >  Authentication:    MD5
> >  Life Time:         86400 sec
> >  PreShared Key:     "sharedKey"
> >  Protocol:          ESP
> >
> >
> > *How am I supposed to change the policy to match the above-mentioned connection credentials?*
> >
> > Regards,
> >
> >
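
An added example (not part of either mail, and not Openswan code): a small Python check that compares a `conn` section with the peer's parameter sheet quoted above and lists settings that are unset, differ, or give a subnet without a mask. The `PEER` mapping of the sheet onto `ike=`/`esp=` values, the treatment of the `-96` suffix, and the placeholder addresses in `CONN` are assumptions.

```python
import ipaddress

# Constructed sample: the quoted conn, with placeholder addresses
# substituted for the redacted ones.
CONN = """\
conn connectionName
    authby=secret            # secret key
    pfs=no
    esp=3des-md5-96
    left=192.0.2.10
    leftsubnet=10.0.0.5
    right=198.51.100.20
    rightsubnet= 172.18.104.244/32
"""

# Assumption: the peer's sheet (3DES, MD5, DH group 2, one-host encryption
# domain) written as ipsec.conf values.
PEER = {"ike": "3des-md5-modp1024", "esp": "3des-md5", "pfs": "no",
        "rightsubnet": "172.18.104.244/32"}

def parse_conn(text):
    """Return {key: value} for one conn section, ignoring comments."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def normalise(key, value):
    """Assumption: a trailing -96 (truncated HMAC) names the same transform."""
    if key.endswith("subnet"):
        return ipaddress.ip_network(value, strict=False)
    value = value.lower()
    return value[:-3] if value.endswith("-96") else value

def check(opts, peer=PEER):
    """List settings that are unset, differ from the peer, or lack a mask."""
    findings = []
    for key, want in peer.items():
        if key not in opts:
            findings.append(f"{key} is not set; peer sheet implies {want}")
        elif normalise(key, opts[key]) != normalise(key, want):
            findings.append(f"{key}={opts[key]} differs from {want}")
    for key in ("leftsubnet", "rightsubnet"):
        if key in opts and "/" not in opts[key]:
            findings.append(f"{key}={opts[key]} has no /prefix length")
    return findings
```

Run against the constructed sample, `check(parse_conn(CONN))` reports the missing `ike=` line and the `leftsubnet` written without a mask.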
