[Openswan Users] Help connect Openswan on centos to Cisco ASA 5520

Afzal Khan khanafzal at gmail.com
Wed Feb 11 04:28:51 EST 2015


Hi

I am trying to connect to a Cisco ASA 5520 at a client location. My server
runs CentOS with Openswan.

The config provided by the client is:

Phase 1 Properties:
Authentication Method* Pre-Shared Secret
Encryption Scheme IKE
perfect fwd secrecy – IKE DH GROUP2
Encryption Algorithm – IKE DES
Hashing Algorithm – IKE SHA
Renegotiate IKE SA time 86400 seconds

Phase 2 Properties:
Transform-set (IPSEC Protocol) ESP
Perfect Fwd Secrecy - IPSEC DH GROUP2
Encryption Algorithm - IPSEC ESP-DES
Hashing Algorithm - IPSEC ESP-SHA-HMAC
Renegotiate IPSEC SA time 86400 seconds



My config:

conn xyz
        type=tunnel
        authby=secret
        auth=esp
        ikelifetime=86400s
        keylife=86400s
        esp=3des-sha1
        ike=3des-sha1-modp1024
        keyexchange=ike
        pfs=yes
#local - centos
        left=198.xxx.xxx.192
        leftsourceip=192.168.21.101
#remote - cisco
        right=121.xxx.xxx.244
        rightsubnet=172.19.16.0/24

        auto=start


/var/log/messages:

Feb 11 14:28:37 host ipsec__plutorun: 002 added connection description "xyz"
Feb 11 14:28:37 host ipsec__plutorun: 104 "xyz" #1: STATE_MAIN_I1: initiate


/var/log/secure:

Feb 11 14:28:37 host pluto[26936]: added connection description "xyz"
Feb 11 14:28:37 host pluto[26936]: loading secrets from "/etc/ipsec.d/xyz.secrets"
Feb 11 14:28:37 host pluto[26936]: "xyz" #1: initiating Main Mode
Feb 11 14:28:37 host pluto[26936]: "xyz" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Feb 11 14:28:37 host pluto[26936]: "xyz" #1: received and ignored informational message


iptables -L:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
...
ACCEPT     all  --  127.0.0.1            0.0.0.0/0
icmp_packets  icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:500
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:4500
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
...
ACCEPT     all  --  0.0.0.0/0            127.0.0.1
icmp_packets  icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:500
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:4500
...
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:444
LOG_DROP   all  --  0.0.0.0/0            0.0.0.0/0


What am I doing wrong here?

Please help me with this.

Thank You
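As an added diagnostic example (not part of the original post, and not Openswan's own code): a script that normalises the client's Phase 1 / Phase 2 sheet and the conn's ike=/esp= lines into Openswan's algorithm tokens and reports where they differ, which is the first thing to check when pluto logs NO_PROPOSAL_CHOSEN during Main Mode. The vendor-name-to-token tables cover only the names on this page plus a few common ones and are an assumption, as is the convention that pfs=yes reuses the Phase 1 group for ESP.

```python
import re

# Constructed from the client's Phase 1 / Phase 2 properties quoted in the post.
CLIENT_SHEET = """Encryption Algorithm - IKE DES
Hashing Algorithm - IKE SHA
perfect fwd secrecy - IKE DH GROUP2
Encryption Algorithm - IPSEC ESP-DES
Hashing Algorithm - IPSEC ESP-SHA-HMAC
Perfect Fwd Secrecy - IPSEC DH GROUP2"""

# Constructed from the conn xyz block in the post (only the proposal lines matter).
CONN_XYZ = "esp=3des-sha1\nike=3des-sha1-modp1024\npfs=yes\n"

# Vendor wording -> tokens used in Openswan ike=/esp= strings (assumed table, extend as needed).
ALG = {"DES": "des", "ESP-DES": "des", "3DES": "3des", "ESP-3DES": "3des", "AES": "aes",
       "ESP-AES": "aes", "SHA": "sha1", "ESP-SHA-HMAC": "sha1", "MD5": "md5", "ESP-MD5-HMAC": "md5"}
GROUP = {"GROUP1": "modp768", "GROUP2": "modp1024", "GROUP5": "modp1536", "GROUP14": "modp2048"}
LINE = re.compile(r"\s*(encryption|hashing|perfect).*?\b(ike|ipsec)\b\s+(.+)$", re.I)

def parse_client(sheet):
    # Returns {'ike': {enc, hash, group}, 'esp': {...}} in Openswan spelling.
    want = {"ike": {}, "esp": {}}
    for m in filter(None, map(LINE.match, sheet.splitlines())):
        prop, side, val = m.group(1).lower(), "esp" if m.group(2).lower() == "ipsec" else "ike", m.group(3).strip().upper()
        if prop == "perfect":  # "DH GROUP2": the last token carries the group number
            want[side]["group"] = GROUP.get(val.split()[-1], val.lower())
        else:  # single DES is a 56-bit cipher; confirm the local build even offers it before matching it
            want[side]["enc" if prop == "encryption" else "hash"] = ALG.get(val, val.lower())
    return want

def parse_conn(conn):
    # Reads the first proposal of ike=/esp=; "3des-sha1-modp1024" and "3des-sha1;modp1024" both parse.
    have = {"ike": {}, "esp": {}}
    for side, spec in re.findall(r"^\s*(ike|esp)=(\S+)", conn, re.M):
        parts = re.split(r"[-;]", spec.split(",")[0])
        have[side] = dict(zip(("enc", "hash", "group"), parts))
    if "group" not in have["esp"] and re.search(r"^\s*pfs=yes", conn, re.M):
        have["esp"]["group"] = have["ike"].get("group")  # assumed: pfs=yes reuses the Phase 1 group
    return have

def mismatches(sheet, conn):
    # One line per attribute where the peer's stated proposal and the conn's offer disagree.
    want, have = parse_client(sheet), parse_conn(conn)
    out = []
    for side in ("ike", "esp"):
        for key in ("enc", "hash", "group"):
            w, h = want[side].get(key), have[side].get(key)
            if w and h and w != h:
                out.append(f"{side} {key}: peer expects {w}, conn offers {h}")
    return out
```

Run `mismatches(CLIENT_SHEET, CONN_XYZ)` to list the disagreements for the two blocks quoted above; an empty list means the proposals line up and the NO_PROPOSAL_CHOSEN should be looked for elsewhere (PSK, IDs, lifetimes).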