[Openswan Users] Trying to get Openswan working Ubuntu to Cisco ASA 5510

Paul Wouters paul at xelerance.com
Tue Mar 9 13:56:02 EST 2010


On Tue, 9 Mar 2010, Avesh Agarwal wrote:

>>>> No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
>>>>
>>> Exactly what it says: your Cisco does not like the proposals
>>> sent by the Openswan end. Verify your Cisco side settings (encryption
>>> algo, hash algo and DH groups) against the ones you set with Openswan
>>> and see if there is any mismatch.
>>>
>> Thanks Avesh. I'm looking. But I can't see the mismatch yet. The Cisco (I'm
>> told) is set like this:
>>
>> IPsec Phase I: pre-g2-3des-sha-86400s
>> IPsec Phase II: pfs2-esp-3des-sha-28800s
>>
> Is this DH group 2? Also I think "esp" is being obsolete, so don't use
> that. Well, you can try the following:
>
> phase2=esp
> phase2alg=3DES-SHA1;modp1024

The specs also did not mention whether to use Main Mode or Aggressive Mode.
If this fails, try adding aggrmode=yes

Paul
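
The settings discussed in this thread, gathered into one Openswan conn section. This is an added example, not part of the original message or of the poster's configuration. The conn name, addresses and subnets are placeholders, and it assumes "pre" means a pre-shared key and "g2"/"pfs2" mean DH group 2 (modp1024).

```conf
# /etc/ipsec.conf fragment (constructed example; no blank lines inside the section)
conn ubuntu-to-asa
    # Placeholder endpoints and networks (documentation address ranges)
    left=192.0.2.10
    leftsubnet=10.10.0.0/24
    right=198.51.100.20
    rightsubnet=10.20.0.0/24
    type=tunnel
    # "pre": pre-shared key, stored in /etc/ipsec.secrets (assumption)
    authby=secret
    # Phase I: pre-g2-3des-sha-86400s
    ike=3des-sha1;modp1024
    ikelifetime=86400s
    # Phase II: pfs2-esp-3des-sha-28800s
    phase2=esp
    phase2alg=3des-sha1;modp1024
    pfs=yes
    keylife=28800s
    # Main Mode is the default; uncomment only if the peer expects Aggressive Mode
    #aggrmode=yes
    auto=start
```

Each of the five Phase II items (PFS group, protocol, cipher, hash, lifetime) and the Phase I items has to match the ASA's crypto map and ISAKMP policy; a difference in any one of them produces the "no acceptable response" message quoted above.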

