[Openswan Users] Sonicwall TZ170 to OpenSWAN peer's ID_USER_FQDN contains no @
Paul Wouters
paul at xelerance.com
Thu Apr 29 15:02:40 EDT 2010
On Thu, 29 Apr 2010, Mike A. Leonetti wrote:
> This is what happens though:
>
> Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: multiple
> transforms were set in aggressive mode. Only first one used.
Specify an ike= and esp= line for aggressive mode, so you are sure
you are using th proper proposal.
> Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: transform
> (5,2,2,0) ignored.
> Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: initiating
> Aggressive Mode #4, connection "andree"
> Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: multiple
> transforms were set in aggressive mode. Only first one used.
> Apr 28 16:53:20 fortissimo pluto[29283]: "andree" #4: transform
> (5,2,2,0) ignored.
> Apr 28 16:53:20 fortissimo ipsec__plutorun: 003 "andree" #4: multiple
> transforms were set in aggressive mode. Only first one used.
> Apr 28 16:53:20 fortissimo ipsec__plutorun: 003 "andree" #4: transform
> (5,2,2,0) ignored.
>
> And the Sonicwall side says:
> IKE negotiation aborted due to timeout
> IKE Initiator: No response - remote party timeout
It seemds that you might have an OUTPUT filter dropping your IKE response packet?
Paul
More information about the Users
mailing list