[Openswan Users] Trying to get Openswan working Ubuntu to Cisco ASA 5510
Whit Blauvelt
whit at transpect.com
Tue Mar 9 14:03:43 EST 2010
> > IPsec Phase I: pre-g2-3des-sha-86400s
> > IPsec Phase II: pfs2-esp-3des-sha-28800s
> >
> Is this DH group 2? Also I think "esp" is being obsolete, so don't use
> that. Well, you can try following:
>
> phase2=esp
> phase2alg=3DES-SHA1;modp1024

Thanks again. Whether that's DH group2 ... probably, but it's getting
through phase I, so could that be the problem?

Are you suggesting I have the Cisco admin not use esp?

After adding the two lines you suggest I get:

ipsec_setup: duplicate key 'phase2' in conn cisco while processing def cisco
ipsec_setup: duplicate key 'phase2alg' in conn cisco while processing def cisco
ipsec_setup: while loading 'cisco': duplicate key 'phase2alg' in conn cisco while processing def cisco

What these are duplicating is not clear, since there is only one
specification of either "phase2" or "phase2alg" in the ipsec.conf.

At that point

# ipsec auto --up cisco
000 initiating all conns with alias='cisco'
021 no connection named "cisco"

So whatever the "duplicate key" message means, it's a fatal problem.

Best,
Whit