[Openswan Users] Trying to get Openswan working Ubuntu to Cisco ASA 5510

Whit Blauvelt whit at transpect.com
Tue Mar 9 13:17:45 EST 2010


On Tue, Mar 09, 2010 at 12:48:24PM -0500, Whit Blauvelt wrote:

> At the moment I'm stuck on:
> 
> # ipsec setup --start
> ipsec_setup: Starting Openswan IPsec U2.6.24/K2.6.24-19-server...
> ipsec_setup: no default routes detected
> 
> Is that a fatal error? ...

No, that wasn't fatal. I needed to adjust my firewall rules, which got me to
the next hangup:

# ipsec auto --up cisco
104 "cisco" #1: STATE_MAIN_I1: initiate
003 "cisco" #1: ignoring Vendor ID payload [FRAGMENTATION c0000000]
106 "cisco" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "cisco" #1: received Vendor ID payload [Cisco-Unity]
003 "cisco" #1: received Vendor ID payload [XAUTH]
003 "cisco" #1: ignoring unknown Vendor ID payload [3c7dcb3b07c043b07e8648c9c7e10420]
003 "cisco" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
108 "cisco" #1: STATE_MAIN_I3: sent MI3, expecting MR3
003 "cisco" #1: received Vendor ID payload [Dead Peer Detection]
004 "cisco" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 "cisco" #2: STATE_QUICK_I1: initiate
010 "cisco" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "cisco" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "cisco" #2: max number of retransmissions (2) reached STATE_QUICK_I1.
No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
000 "cisco" #2: starting keying attempt 2 of an unlimited number, but releasing whack

Any hints appreciated.

Whit
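
Added example, not part of the original post and not Openswan's own code: a Python triage of `ipsec auto --up` output like the log above, reporting which IKEv1 exchange completed and which one timed out. The function name `triage` and the `LEGACY` set are assumptions made for this illustration; the sample lines are copied from the post.

```python
import re

# Status lines copied from the post above (Vendor ID lines omitted for brevity).
SAMPLE = """\
104 "cisco" #1: STATE_MAIN_I1: initiate
108 "cisco" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "cisco" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 "cisco" #2: STATE_QUICK_I1: initiate
010 "cisco" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "cisco" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "cisco" #2: max number of retransmissions (2) reached STATE_QUICK_I1.
No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
"""

STATE_LINE = re.compile(r'^\d{3} "[^"]+" #(\d+): (STATE_\w+): (.*)$')
GAVE_UP = re.compile(r'^\d{3} "[^"]+" #(\d+): max number of retransmissions \(\d+\) reached (STATE_\w+)\.')
# Assumption (editor's list, not from the post): values treated as legacy.
LEGACY = {"oakley_3des_cbc_192", "modp1024"}

def triage(output):
    """Report which IKEv1 exchange completed and which one timed out."""
    r = {"phase1": None, "legacy": [], "last_state": {}, "retransmits": 0, "gave_up_in": None}
    for line in (l.strip() for l in output.splitlines()):
        m = STATE_LINE.match(line)
        if m:
            num, state, msg = m.groups()
            r["last_state"][int(num)] = state  # last state seen per exchange (#1, #2, ...)
            if "ISAKMP SA established" in msg:
                inner = re.search(r"\{(.*?)\}", msg)
                pairs = inner.group(1).split() if inner else []
                r["phase1"] = dict(kv.split("=", 1) for kv in pairs if "=" in kv)
                r["legacy"] = sorted(v for v in r["phase1"].values() if v in LEGACY)
            elif msg.startswith("retransmission"):
                r["retransmits"] += 1
            continue
        m = GAVE_UP.match(line)  # matches whether or not the hint text is wrapped onto the next line
        if m:
            r["gave_up_in"] = m.group(2)
    if r["phase1"] is not None and (r["gave_up_in"] or "").startswith("STATE_QUICK"):
        r["verdict"] = "phase 1 established; phase 2 (Quick Mode) got no reply"
    elif r["phase1"] is None:
        r["verdict"] = "phase 1 (Main Mode) did not complete"
    else:
        r["verdict"] = "no Quick Mode timeout seen in this output"
    return r

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```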

