[Openswan Users] Connecting to Cisco VPN, getting INVALID_ID_INFORMATION followed by "perhaps peer likes no proposal"
nick at howitts.co.uk
Wed Mar 19 13:35:32 EDT 2014
I know nothing about Cisco kit, but I've seen specifying a phase 2 modp
mess things up. I'd try changing phase2alg=aes128-sha1;modp1024 to just
phase2alg=aes128-sha1 but leave in pfs=yes. Having said that, if you set
pfs=no, then if the Cisco proposes yes, Openswan will negotiate yes.
On 2014-03-19 17:18, Mike Johnston wrote:
> I'm not too well versed on this stuff, but I have a few thoughts for you:
> * Make sure your secrets match.
> * Make sure the IP addresses in your secrets file are accurate.
> * Try doing some debugging on the ASA.
>   * debug crypto isakmp 200 or even debug crypto isakmp 255
>   * debug crypto ipsec
> * I never could get pfs to work between Openswan and a Cisco firewall. Try temporarily turning off pfs on both ends and see if you get any better luck.