[Openswan Users] Connecting to Cisco VPN, getting INVALID_ID_INFORMATION followed by "perhaps peer likes no proposal"

Tim McCune tim at mccune.name
Wed Mar 19 13:50:52 EDT 2014

Thanks Mike.  I've double-checked both the secret and the addresses in
ipsec.secrets.  Also tried changing pfs to no.  Still the same error.  I
don't have any ability to do any debugging or change any settings on the
Cisco device.  I have asked them to see if there is anything helpful
getting logged, but so far no response.

On Wed, Mar 19, 2014 at 10:18 AM, Mike Johnston <mjohnston at wiktel.com>wrote:

>  I'm not too well versed on this stuff, but I have a few thoughts for you:
>    - Make sure your secrets match.
>    - Make sure the IP addresses in your secrets file are accurate.
>    - Try doing some debugging on the ASA.
>       - debug crypto isakmp 200 or even debug crypto isakmp 255
>       - debug crypto ipsec
>    - I never could get pfs to work between Openswan and a Cisco
>    firewall.  Try temporarily turning off pfs on both ends and see if you get
>    any better luck.
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20140319/f796a2b2/attachment.html>

More information about the Users mailing list