[Openswan Users] Trying to get Openswan working Ubuntu to Cisco ASA 5510

Avesh Agarwal avagarwa at redhat.com
Tue Mar 9 13:21:51 EST 2010


On 03/09/2010 01:17 PM, Whit Blauvelt wrote:
> On Tue, Mar 09, 2010 at 12:48:24PM -0500, Whit Blauvelt wrote:
>
>    
>> At the moment I'm stuck on:
>>
>> # ipsec setup --start
>> ipsec_setup: Starting Openswan IPsec U2.6.24/K2.6.24-19-server...
>> ipsec_setup: no default routes detected
>>
>> Is that a fatal error? ...
>>      
> No, that wasn't fatal. I needed to adjust my firewall rules. Which got me to
> the next hangup:
>
> # ipsec auto --up cisco
> 104 "cisco" #1: STATE_MAIN_I1: initiate
> 003 "cisco" #1: ignoring Vendor ID payload [FRAGMENTATION c0000000]
> 106 "cisco" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 003 "cisco" #1: received Vendor ID payload [Cisco-Unity]
> 003 "cisco" #1: received Vendor ID payload [XAUTH]
> 003 "cisco" #1: ignoring unknown Vendor ID payload [3c7dcb3b07c043b07e8648c9c7e10420]
> 003 "cisco" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]
> 108 "cisco" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 003 "cisco" #1: received Vendor ID payload [Dead Peer Detection]
> 004 "cisco" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> 117 "cisco" #2: STATE_QUICK_I1: initiate
> 010 "cisco" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
> 010 "cisco" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
> 031 "cisco" #2: max number of retransmissions (2) reached STATE_QUICK_I1.
> No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
>    

Exactly what it says: your Cisco does not like the proposals sent by the
Openswan end. Verify your Cisco-side settings (encryption algo, hash
algo and DH groups) against the ones you set with Openswan and see if there
is any mismatch.

Avesh



> 000 "cisco" #2: starting keying attempt 2 of an unlimited number, but releasing whack
>
> Any hints appreciated.
>
> Whit
>    
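As an added example (not part of the original thread and not Openswan code), this Python script parses the whack output quoted above to show that Phase 1 (Main Mode) completed and the stall is in Phase 2 (Quick Mode), which narrows where to compare proposals. The function name `diagnose` and its result keys are hypothetical; "IPsec SA established" is the string Openswan prints when Quick Mode completes.

```python
import re

# Constructed input: lines taken from the `ipsec auto --up cisco` output quoted above.
SAMPLE = """\
104 "cisco" #1: STATE_MAIN_I1: initiate
004 "cisco" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
117 "cisco" #2: STATE_QUICK_I1: initiate
010 "cisco" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "cisco" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "cisco" #2: max number of retransmissions (2) reached STATE_QUICK_I1.
No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
"""

# whack line layout: <3-digit code> "<conn>" #<SA serial>: <message>
LINE = re.compile(r'^\d{3} "([^"]+)" #(\d+): (.*)$')


def diagnose(output):
    """Report which IKE phase completed and which one stalled (hypothetical helper)."""
    r = {"phase1": None, "phase2_up": False, "stalled_state": None, "suspect": None}
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines and anything unrecognised
        text = m.group(3)
        if "ISAKMP SA established" in text:
            # Phase 1 (Main Mode) result: key=value pairs inside {...}
            body = re.search(r"\{([^}]*)\}", text)
            pairs = body.group(1).split() if body else []
            r["phase1"] = dict(kv.split("=", 1) for kv in pairs if "=" in kv)
        elif "IPsec SA established" in text:
            r["phase2_up"] = True  # Quick Mode finished
        elif "max number of retransmissions" in text:
            st = re.search(r"reached (STATE_\w+)", text)
            r["stalled_state"] = st.group(1) if st else None
    state = r["stalled_state"] or ""
    if state.startswith("STATE_MAIN"):
        r["suspect"] = "phase1"  # compare the Phase 1 proposal on both peers
    elif state.startswith("STATE_QUICK") and not r["phase2_up"]:
        r["suspect"] = "phase2"  # Phase 1 agreed; compare the Phase 2 proposal
    return r


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```

For the output in this thread the result is `suspect: phase2`, with the agreed Phase 1 parameters listed under `phase1`.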


