[Openswan Users] GRE over IPSec - Cisco endpoint

Tom Stockton tom at stocktons.org.uk
Sun Dec 20 14:04:01 EST 2009

On Fri, Dec 18, 2009 at 4:15 PM, Michael Smith <msmith at cbnco.com> wrote:
> On the Cisco side, the provider might have to set "mode transport" on their
> crypto ipsec transform-set.

Thanks for this Mike, unfortunately there is no option to change the
cisco config at the other end as it's fixed by the third party.

I tried to reconnect the IPSec tunnel using the changes as you
suggested, unfortunately it didn't work.  I get the following repeated
message as I did previously.

"No acceptable response to our first Quick Mode message: perhaps peer
likes no proposal"

I'm pretty stuck now so any other suggestions would be very welcome.
I'll request the cisco config from the third party so that I can see
exactly what's going  on ....



More information about the Users mailing list