<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'>
Hi,<br><br>I am using strongSwan on OpenWrt 10.0.3.1-rc4.<br><br>I am trying to connect using an iPhone and Snow Leopard using the built-in Cisco client, but I get the same error. <br><br>I am able to connect using IPsec/L2TP on both devices. I am also able to connect using the Cisco client on Windows.<br><br>I followed the directions on the following page, which allowed me to connect using the Cisco client on Windows.<br><br>http://wiki.strongswan.org/projects/strongswan/wiki/IOS_%28Apple%29<br><br>root@OpenWrt:~# ipsec version<br>Linux strongSwan U4.3.7/K2.6.32.25<br>Institute for Internet Technologies and Applications<br>University of Applied Sciences Rapperswil, Switzerland<br>See 'ipsec --copyright' for copyright information.<br><br><br>config setup<br>        nat_traversal=yes<br>        charonstart=no<br>        plutostart=yes<br><br>conn L2TP<br>        authby=psk<br>        pfs=no<br>        rekey=no<br>        type=tunnel<br>        esp=aes128-sha1<br>        ike=aes128-sha-modp1024<br>        left=%defaultroute<br>        leftprotoport=17/1701<br>        right=%any<br>        rightprotoport=17/%any<br>        rightsubnetwithin=0.0.0.0/0<br>        auto=add<br><br>conn cisco<br>        keyexchange=ikev1<br>        authby=xauthrsasig<br>        xauth=server<br>        left=%defaultroute<br>        leftsubnet=0.0.0.0/0<br>        leftfirewall=yes<br>        leftcert=serverCert.pem<br>        right=%any<br>        rightsubnet=192.168.168.0/24<br>        rightsourceip=192.168.168.2<br>        rightcert=clientCert.pem<br>        pfs=no<br>        auto=add<br><br><br><br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: received Vendor ID payload [RFC 3947]<br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]<br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload 
[8f8d83826d246b6fc7a8a6a428c11de8]<br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]<br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]<br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]<br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]<br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]<br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]<br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]<br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:6720: received Vendor ID payload [XAUTH]<br>Jun  9 09:44:21 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: NAT-Traversal: Result using RFC 3947: peer is NATed<br>Jun  9 09:44:25 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: ignoring informational payload, type IPSEC_INITIAL_CONTACT<br>Jun  9 09:44:25 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: Peer ID is ID_DER_ASN1_DN: 'C=US, O=strongSwan, CN=client'<br>Jun  9 09:44:25 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: crl not found<br>Jun  9 09:44:25 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: certificate status unknown<br>Jun  9 09:44:25 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:6720 #2: we have a cert and are sending it upon request<br>Jun  9 09:44:26 OpenWrt 
authpriv.debug pluto[1538]: | NAT-T: new mapping 208.54.35.143:6720/32850)<br>Jun  9 09:44:26 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:32850 #2: sent MR3, ISAKMP SA established<br>Jun  9 09:44:26 OpenWrt authpriv.warn pluto[1538]: "cisco"[2] 208.54.35.143:32850 #2: sending XAUTH request<br>Jun  9 09:44:26 OpenWrt authpriv.warn pluto[1538]: packet from 208.54.35.143:32850: Informational Exchange is for an unknown (expired?) SA<br><br>                                      </body>
</html>