[Openswan Users] Ubuntu on Amazon VPC to Cisco ASA 5500

jude mwenda judemwenda at gmail.com
Mon Apr 11 23:15:18 EDT 2016


Hey Newbie here,

I am trying to connect to a Cisco ASA router with little success. The
tunnel seems to fail to come up. The error I get is as follows.

031 "connection-safcom/0x7" #16: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal

000 "connection-safcom/0x7" #16: starting keying attempt 2 of an unlimited
number, but releasing whack

031 "connection-safcom/0x6" #15: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal

000 "connection-safcom/0x6" #15: starting keying attempt 2 of an unlimited
number, but releasing whack

031 "connection-safcom/0x5" #14: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal

000 "connection-safcom/0x5" #14: starting keying attempt 2 of an unlimited
number, but releasing whack

031 "connection-safcom/0x4" #13: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal

000 "connection-safcom/0x4" #13: starting keying attempt 2 of an unlimited
number, but releasing whack

031 "connection-safcom/0x3" #12: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal

000 "connection-safcom/0x3" #12: starting keying attempt 2 of an unlimited
number, but releasing whack

031 "connection-safcom/0x2" #11: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal

000 "connection-safcom/0x2" #11: starting keying attempt 2 of an unlimited
number, but releasing whack

031 "connection-safcom/0x1" #10: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal

000 "connection-safcom/0x1" #10: starting keying attempt 2 of an unlimited
number, but releasing whack

My ipsec.conf looks as follows. Is there anything that I am missing or what
could I be doing wrong? I do have the elastic ip from Amazon but also using
the internal private IP seems not to yield any fruits. Any pointers?

conn connection-safcom
  authby=secret
  auto=start
  ikelifetime=24h
  forceencaps=yes
  keylife=8h
  rekey=yes
  ike=3des-md5;modp1024
  #phase2alg=aes128-sha1
  #aggrmode=yes
  phase2=esp
  phase2alg=3des-md5;modp1024
  ## phase 1 ##
  keyexchange=ike
  ## phase 2 ##
  #esp=3des-md5
  #ike=aes128-sha1-modp1024
  pfs=no
  type=tunnel
  left=%defaultroute
  leftid=<Amazon elastic ip>
  leftsourceip=<Amazon elastic ip>
  leftsubnet=0.0.0.0/0
  ##leftsubnet=<Amazon internal ip/subnet>
  leftnexthop=%defaultroute
  ##leftprotoport=17/1701 ##
  ## for direct routing ##
  right= <remote IP>

Thanks in advance
-- 
Regards,

Jude Mwenda
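
Added example (not part of the original post, and not Openswan code): a small Python triage script for status output like the one quoted above. It re-joins the wrapped lines and reports which IKEv1 phase each retransmission timeout occurred in; a timeout in STATE_QUICK_I1 means Main Mode had already completed, so the failure is in the Phase 2 (Quick Mode) negotiation. The sample log is constructed in the format shown in the post, and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the whack output quoted in the post,
# hard-wrapped the way the mail archive wrapped it.
SAMPLE = '''\
031 "connection-safcom/0x2" #11: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal

000 "connection-safcom/0x2" #11: starting keying attempt 2 of an unlimited
number, but releasing whack

031 "connection-safcom/0x1" #10: max number of retransmissions (2) reached
STATE_QUICK_I1.  No acceptable response to our first Quick Mode message:
perhaps peer likes no proposal
'''

RECORD_START = re.compile(r'^\d{3} "')
FAILURE = re.compile(
    r'^\d{3} "(?P<conn>[^"/]+)(?:/(?P<inst>0x[0-9a-fA-F]+))?" #\d+: '
    r'max number of retransmissions \(\d+\) reached (?P<state>STATE_[A-Z]+_[IR]\d)')

def unwrap(text):
    """Re-join wrapped continuation lines into one record per status message."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def phase_of(state):
    """Map a pluto state name to its IKEv1 phase (1, 2, or None if unknown)."""
    if state.startswith(("STATE_MAIN_", "STATE_AGGR_")):
        return 1
    return 2 if state.startswith("STATE_QUICK_") else None

def summarize(text):
    """Return {phase: sorted [(conn, instance, state)]} for each retransmit timeout."""
    out = {}
    for rec in unwrap(text):
        m = FAILURE.match(rec)
        if m:
            hit = (m["conn"], m["inst"] or "", m["state"])
            out.setdefault(phase_of(m["state"]), []).append(hit)
    return {phase: sorted(hits) for phase, hits in out.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

If every timeout lands under phase 2 and none under phase 1, the pre-shared key and the ike= proposal were accepted, and the settings to compare with the peer are the Phase 2 ones (ESP transforms, PFS, and the subnets offered).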