[Openswan Users] Phase 1 failure
Paul Wouters
paul at xelerance.com
Wed Jan 20 11:01:40 EST 2010
On Tue, 19 Jan 2010, Overkill wrote:
> Greetings, I have a tunnel between an ASA5505 and a Linux box running
> Openswan. I disabled PFS on both sides of the tunnel and now when the
> tunnel renegotiates it comes up but I'm still getting the error below.
> Is there a way to manually specify the Group1,2, or 5? Is there a way
> to stop the Openswan side to force these attributes so that the erroring
> will stop?
> conn server-98.x.x.53
>     type=tunnel
>     authby=secret
>     left=64.x.x.87
>     leftsubnet=192.168.1.0/24
>     leftnexthop=64.x.x.65
>     right=98.x.x.53
>     rightsubnet=10.30.10.0/28
>     rightnexthop=98.x.x.33
>     esp=3des-sha1
>     keyexchange=ike
>     pfs=no
>     auto=start
>
> Here is the error from the ASA...
> Jan 19 16:44:35 10.30.10.1 %ASA-5-713257: Phase 1 failure: Mismatched
> attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2
Try adding: ike=3des-sha1-modp1536
Paul
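
Added example, not part of the original thread or of Openswan: a small check that reads the Diffie-Hellman group the ASA reports as configured from the `%ASA-5-713257` message and compares it with the groups named on a conn's `ike=` line. The function names are hypothetical, the log line is the one quoted above joined onto one line, and the MODP-to-group numbering is taken from RFC 2409 and RFC 3526.

```python
import re

# IKEv1 DH group numbers for the MODP names used in ike= values
# (RFC 2409 groups 1 and 2, RFC 3526 group 5).
MODP_TO_GROUP = {"modp768": 1, "modp1024": 2, "modp1536": 5}

# Relevant lines of the conn as posted in the thread (no ike= line).
CONN_AS_POSTED = """conn server-98.x.x.53
    authby=secret
    esp=3des-sha1
    keyexchange=ike
    pfs=no
"""

# The ASA message from the thread, joined onto a single line.
ASA_LOG = ("Jan 19 16:44:35 10.30.10.1 %ASA-5-713257: Phase 1 failure: Mismatched "
           "attribute types for class Group Description: Rcv'd: Unknown Cfg'd: Group 2")

def ike_groups(conn_text):
    """DH group numbers named on the conn's ike= line; None if there is no ike= line."""
    # Anchored at line start so 'keyexchange=ike' is not mistaken for an ike= setting.
    m = re.search(r"^[ \t]*ike[ \t]*=[ \t]*(\S+)", conn_text, re.MULTILINE)
    if not m:
        return None
    parts = re.split(r"[-;,]", m.group(1).lower())
    return [MODP_TO_GROUP[p] for p in parts if p in MODP_TO_GROUP]

def asa_configured_group(log_line):
    """Group number after "Cfg'd:" in a Group Description mismatch message, else None."""
    m = re.search(r"Group Description:.*Cfg'd:\s*Group\s*(\d+)", log_line)
    return int(m.group(1)) if m else None

def check(conn_text, log_line):
    want = asa_configured_group(log_line)
    have = ike_groups(conn_text)
    if want is None:
        return "no Group Description mismatch in log line"
    if have is None:
        return f"no ike= line; peer expects Group {want}"
    if want in have:
        return f"match: Group {want}"
    return f"mismatch: conn proposes {have}, peer expects Group {want}"

if __name__ == "__main__":
    print(check(CONN_AS_POSTED, ASA_LOG))
    print(check(CONN_AS_POSTED + "    ike=3des-sha1-modp1024\n", ASA_LOG))
```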