[Openswan Users] rightsubnet parameter question
loloski at yahoo.com
Thu Nov 5 09:27:51 EST 2009
Many thanks for your help, this is the config on the cisco side. can you take a look at this and suggest the proper
ike and esp line on my side?
with this config my configuration is
ike = aes_sha1
esp = aes_sha1
is this correct ?
crypto isakmp policy 45
crypto isakmp key secret address 220.127.116.11
crypto ipsec transform-set sha-aes esp-aes esp-sha-hmac
crypto map generic 170 ipsec-isakmp
description ** VPN to Client **
set peer 18.104.22.168
set transform-set sha-aes
match address vpnclient
ip access-list extended vpnclient
permit ip host 22.214.171.124 10.8.44.0 0.0.0.255
PSC-XVPN1# sh cry isa sa
dst src state conn-id slot
126.96.36.199 188.8.131.52 QM_IDLE 940 0
Oct 30 12:31:33.592: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of
Quick mode failed with peer at 184.108.40.206
From: Paul Wouters <paul at xelerance.com>
To: Ronald <loloski at yahoo.com>
Sent: Thu, November 5, 2009 8:19:44 PM
Subject: Re: [Openswan Users] rightsubnet parameter question
On Thu, 5 Nov 2009, Ronald wrote:
> Thanks for your reply, yes the config i attach is just what i had in mind sorry, yes we do the
> authentication via pre-shared key.
> pfs is disabled on cisco side. xauth this is my problem since according to the admin he has no setting
> with this. on part on the crypto map definition.
> no-xauth no-config-mode option
Then your config looks fine, so you might only need to change the ike= and esp= line to
the values the cisco has configured.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users