[Openswan Users] Ubuntu on Amazon VPC to Cisco ASA 5500
Daniel Cave
dan.cave at me.com
Tue Apr 12 02:34:05 EDT 2016
Looks like the Cisco end isn't set up properly to accept requests from the Amazon elastic IP, and your left subnet isn't correct either.
> On 12 Apr 2016, at 04:15, jude mwenda <judemwenda at gmail.com> wrote:
>
> Hey Newbie here,
>
> I am trying to connect to a Cisco ASA router with little success. The tunnel seems to fail to come up. The error I get is as follows.
>
> 031 "connection-safcom/0x7" #16: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
>
> 000 "connection-safcom/0x7" #16: starting keying attempt 2 of an unlimited number, but releasing whack
>
> 031 "connection-safcom/0x6" #15: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
>
> 000 "connection-safcom/0x6" #15: starting keying attempt 2 of an unlimited number, but releasing whack
>
> 031 "connection-safcom/0x5" #14: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
>
> 000 "connection-safcom/0x5" #14: starting keying attempt 2 of an unlimited number, but releasing whack
>
> 031 "connection-safcom/0x4" #13: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
>
> 000 "connection-safcom/0x4" #13: starting keying attempt 2 of an unlimited number, but releasing whack
>
> 031 "connection-safcom/0x3" #12: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
>
> 000 "connection-safcom/0x3" #12: starting keying attempt 2 of an unlimited number, but releasing whack
>
> 031 "connection-safcom/0x2" #11: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
>
> 000 "connection-safcom/0x2" #11: starting keying attempt 2 of an unlimited number, but releasing whack
>
> 031 "connection-safcom/0x1" #10: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
>
> 000 "connection-safcom/0x1" #10: starting keying attempt 2 of an unlimited number, but releasing whack
>
>
> My ipsec.conf looks as follows. Is there anything that I am missing, or what could I be doing wrong? I do have the elastic IP from Amazon, but using the internal private IP also seems not to yield any fruit. Any pointers?
>
> conn connection-safcom
>     authby=secret
>     auto=start
>     ikelifetime=24h
>     forceencaps=yes
>     keylife=8h
>     rekey=yes
>     ike=3des-md5;modp1024
>     #phase2alg=aes128-sha1
>     #aggrmode=yes
>     phase2=esp
>     phase2alg=3des-md5;modp1024
>     ## phase 1 ##
>     keyexchange=ike
>     ## phase 2 ##
>     #esp=3des-md5
>     #ike=aes128-sha1-modp1024
>     pfs=no
>     type=tunnel
>     left=%defaultroute
>     leftid=<Amazon elastic ip>
>     leftsourceip=<Amazon elastic ip>
>     leftsubnet=0.0.0.0/0
>     ##leftsubnet=<Amazon internal ip/subnet>
>     leftnexthop=%defaultroute
>     ##leftprotoport=17/1701 ##
>     ## for direct routing ##
>     right= <remote IP>
>
>
> Thanks in advance
> --
> Regards,
>
> Jude Mwenda
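An added example, not part of the original thread: the posted conn with the two points from the reply applied, so that the local selector is the VPC network rather than 0.0.0.0/0 and the elastic IP is used only as an identity. Values in angle brackets are placeholders (the `rightsubnet` entry is an assumption, since the post shows none), and the ASA's peer address and crypto ACL have to mirror them.

```conf
# Added example; placeholders in <...> must be filled in for the real site.
conn connection-safcom
    type=tunnel
    authby=secret
    auto=start
    rekey=yes
    keyexchange=ike
    ikelifetime=24h
    keylife=8h

    # Proposals have to match the ASA's IKE policy and transform set.
    # 3des, md5 and modp1024 are kept from the original post; all three are
    # weak, so move both ends to AES/SHA-2 and a larger DH group if the ASA
    # administrator agrees.
    ike=3des-md5;modp1024
    phase2=esp
    phase2alg=3des-md5
    pfs=no

    # The instance only has its private address on the interface; the
    # elastic IP is 1:1 NAT done by AWS. Keep UDP encapsulation on and use
    # the elastic IP as the identity the ASA expects, not as a local address.
    forceencaps=yes
    left=%defaultroute
    leftnexthop=%defaultroute
    leftid=<Amazon elastic ip>

    # Local selector: the network the ASA's crypto ACL names as the remote
    # side. 0.0.0.0/0 will not match a specific ACL entry, and Quick Mode
    # then gets no acceptable response.
    leftsubnet=<Amazon internal ip/subnet>
    # leftsourceip is left out: it must be an address configured on this
    # host inside leftsubnet, which the elastic IP is not.

    right=<remote IP>
    # Assumption: the network behind the ASA, as listed in its crypto ACL.
    rightsubnet=<network behind the ASA>
```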