[Openswan Users] Ubuntu - Cisco help please...

Martin Schwartz ms at wsap.net
Mon Jan 25 14:25:42 EST 2010

What's the config of your pix (sh ru)?

It should contain something like


crypto ipsec transform-set 3des-md5 esp-3des esp-md5-hmac 


crypto map vpn 11 ipsec-isakmp

crypto map vpn 11 match address xxx

crypto map vpn 11 set peer x.x.x.x

crypto map vpn 11 set transform-set 3des-md5 

crypto map vpn interface outside


isakmp key xxx address x.x.x.x netmask


isakmp policy 20 authentication pre-share

isakmp policy 20 encryption 3des

isakmp policy 20 hash md5

isakmp policy 20 group 2

isakmp policy 20 lifetime 3600





Von: users-bounces at openswan.org [mailto:users-bounces at openswan.org] Im
Auftrag von Avesh Agarwal
Gesendet: Montag, 25. Januar 2010 19:25
An: users at openswan.org
Betreff: Re: [Openswan Users] Ubuntu - Cisco help please...


On 01/21/2010 03:20 PM, openwan wan wrote: 

Hello everybody, 

I am asking for help after spending two days to get this working. I want to
connect from my ubuntu machine having a public ip address to couple of pcs
inside a corporation. These PCs have 172.x.x.x addresses. I dont have any
subnet behind my public machine that is running OpenSwan, that is the
machine that will do the talking to the PCS and also runs the OpenSwan. Is
it possible at all? The PCs are protected by a Cisco PIX. here is my
ipsec.conf file.


type=           tunnel

authby=         secret


 left=           xx.xx.xx.xx


leftnexthop=    %defaultroute


 right=          yy.yy.yy.yy


rightnexthop=   %defaultroute

esp=            3des-md5

 keyexchange=    ike

pfs=            no      

Did you try pfs=yes?


 auto=           start 


The tunnel itself is nto getting established, I keep getting Pluto error
NO_PROPOSAL accepted. Any help will be appreciated. Thanks.

Users at openswan.org
Building and Integrating Virtual Private Networks with Openswan: 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100125/2728a255/attachment.html 

More information about the Users mailing list