<font color='black' size='2' face='Arial, Helvetica, sans-serif'>Try using "hash sha" in the isakmp policy section.<br>
<br>
<div style="clear:both">Germano Veit Michel<br>
germanovmichel@aim.com<br>
</div>
<br>
<br>
<div style="font-family:arial,helvetica;font-size:10pt;color:black">-----Original Message-----<br>
From: mohsen atiq &lt;mohsen_atigh2000@yahoo.com&gt;<br>
To: users &lt;users@lists.strongswan.org&gt;<br>
Sent: Fri, Jun 8, 2012 6:16 pm<br>
Subject: [strongSwan] strongswna to cisco router IPSEC problem<br>
<br>
<div id="AOLMsgPart_2_aa3a7cc3-f68a-473d-b178-9f7b05565a89">
<div style="color:#000; background-color:#fff; font-family:verdana, helvetica, sans-serif;font-size:12pt">
<div><span style="font-size: 12pt; ">Hi </span><br>
</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; ">
<div style="font-size: 12pt; font-family: 'times new roman', 'new york', times, serif; ">
<div id="yiv1099027612">
<div>
<div style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); font-size: 12pt; font-family: verdana, helvetica, sans-serif; ">
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "><br>
</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; ">I have a Cisco router and a Linux box and I want an IPsec connection between them.</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; ">My Linux IPsec configuration is:</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "><br>
</div>
<div>
<div><font face="verdana, helvetica, sans-serif">config setup</font></div>
<div><font face="verdana, helvetica, sans-serif"> crlcheckinterval=180</font></div>
<div><font face="verdana, helvetica, sans-serif"> strictcrlpolicy=no</font></div>
<div><font face="verdana, helvetica, sans-serif"> plutostart=yes</font></div>
<div><font face="verdana, helvetica, sans-serif"><br>
</font></div>
<div><font face="verdana, helvetica, sans-serif">conn test1</font></div>
<div><font face="verdana, helvetica, sans-serif"> left=192.168.40.2</font></div>
<div><font face="verdana, helvetica, sans-serif"> leftsubnet=192.168.20.0/24</font></div>
<div><font face="verdana, helvetica, sans-serif"> right=192.168.40.20</font></div>
<div><font face="verdana, helvetica, sans-serif"> rightsubnet=192.168.1.0/24</font></div>
<div><font face="verdana, helvetica, sans-serif"> pfs=no</font></div>
<div><font face="verdana, helvetica, sans-serif"> authby=psk</font></div>
<div><font face="verdana, helvetica, sans-serif"> type=tunnel</font></div>
<div><font face="verdana, helvetica, sans-serif"> auth=esp</font></div>
<div><font face="verdana, helvetica, sans-serif"> auto=start</font></div>
<div><font face="verdana, helvetica, sans-serif"> ike=aes256-sha1-modp1024</font></div>
<div><font face="verdana, helvetica, sans-serif"> esp=aes256-sha1-modp1024</font></div>
<div><font face="verdana, helvetica, sans-serif"> dpddelay=10s</font></div>
<div><font face="verdana, helvetica, sans-serif"> dpdaction=restart</font></div>
<div><font face="verdana, helvetica, sans-serif"> keyexchange=ikev1</font></div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "><br>
</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; ">and my Cisco router configuration is:</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "><br>
</div>
<div>
<div><font face="verdana, helvetica, sans-serif">crypto isakmp policy 1</font></div>
<div><font face="verdana, helvetica, sans-serif"> encr aes 256</font></div>
<div><font face="verdana, helvetica, sans-serif"> authentication pre-share</font></div>
<div><font face="verdana, helvetica, sans-serif"> group 2</font></div>
<div><font face="verdana, helvetica, sans-serif">crypto isakmp key 123456 address 192.168.40.2</font></div>
<div><font face="verdana, helvetica, sans-serif">!</font></div>
<div><font face="verdana, helvetica, sans-serif">!</font></div>
<div><font face="verdana, helvetica, sans-serif">crypto ipsec transform-set 40.2 esp-aes 256 esp-sha-hmac</font></div>
<div><font face="verdana, helvetica, sans-serif">!</font></div>
<div><font face="verdana, helvetica, sans-serif">crypto map test-40.2 1 ipsec-isakmp</font></div>
<div><font face="verdana, helvetica, sans-serif"> set peer 192.168.40.2</font></div>
<div><font face="verdana, helvetica, sans-serif"> set transform-set 40.2</font></div>
<div><font face="verdana, helvetica, sans-serif"> match address 115</font></div>
<div><font face="verdana, helvetica, sans-serif">!</font></div>
<div><font face="verdana, helvetica, sans-serif">!</font></div>
<div><font face="verdana, helvetica, sans-serif">!</font></div>
<div><font face="verdana, helvetica, sans-serif">!</font></div>
<div><font face="verdana, helvetica, sans-serif">!</font></div>
<div><font face="verdana, helvetica, sans-serif">!</font></div>
<div><font face="verdana, helvetica, sans-serif">interface FastEthernet0/0</font></div>
<div><font face="verdana, helvetica, sans-serif"> no ip address</font></div>
<div><font face="verdana, helvetica, sans-serif"> shutdown</font></div>
<div><font face="verdana, helvetica, sans-serif"> duplex half</font></div>
<div><font face="verdana, helvetica, sans-serif"> !</font></div>
<div><font face="verdana, helvetica, sans-serif">!</font></div>
<div><font face="verdana, helvetica, sans-serif">interface FastEthernet1/0</font></div>
<div><font face="verdana, helvetica, sans-serif"> ip address 192.168.40.20 255.255.255.0</font></div>
<div><font face="verdana, helvetica, sans-serif"> no ip route-cache cef</font></div>
<div><font face="verdana, helvetica, sans-serif"> no ip route-cache</font></div>
<div><font face="verdana, helvetica, sans-serif"> duplex auto</font></div>
<div><font face="verdana, helvetica, sans-serif"> speed auto</font></div>
<div><font face="verdana, helvetica, sans-serif"> crypto map test-40.2</font></div>
<div><font face="verdana, helvetica, sans-serif"> !</font></div>
<div><font face="verdana, helvetica, sans-serif">!</font></div>
<div><font face="verdana, helvetica, sans-serif">interface FastEthernet1/1</font></div>
<div><font face="verdana, helvetica, sans-serif"> ip address 192.168.1.10 255.255.255.0</font></div>
<div><font face="verdana, helvetica, sans-serif"> no ip route-cache cef</font></div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "><br>
</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "><br>
</div>
</div>
</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "><br>
</div>
<div>
<div><font face="verdana, helvetica, sans-serif">access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255</font></div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "><br>
</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; ">When I start strongSwan and enable Cisco IPsec debug, I have the following error on my Cisco router:</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "><br>
</div>
<div><font face="verdana, helvetica, sans-serif">*Jun 3 22:10:50.259: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:</font></div>
<div><font face="verdana, helvetica, sans-serif"> {esp-aes 256 esp-sha-hmac }</font></div>
<div><font face="verdana, helvetica, sans-serif">*Jun 3 22:10:50.263: ISAKMP:(1028): IPSec policy invalidated proposal with error 256</font></div>
<div><font face="verdana, helvetica, sans-serif">*Jun 3 22:10:50.263: ISAKMP:(1028): phase 2 SA policy not acceptable! (local 192.168.40.20 remote 192.168.40.2)</font></div>
<div><font face="verdana, helvetica, sans-serif">*Jun 3 22:10:50.267: ISAKMP:(1028):deleting node -1251133401 error TRUE reason "QM rejected"</font></div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "> </div>
</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; ">Thanks for your help.</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "><br>
</div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "> </div>
<div style="font-size: 12pt; font-family: verdana, helvetica, sans-serif; "><br>
</div>
</div>
</div>
</div>
<br>
<br>
</div>
</div>
</div>
</div>
<!-- end of AOLMsgPart_2_aa3a7cc3-f68a-473d-b178-9f7b05565a89 -->
</div>
</font>
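<p>An added example, not part of the original thread and not strongSwan or Cisco code: a small Python cross-check that normalises the two configurations quoted above into the same terms and lists every parameter strongSwan proposes that the router config either sets differently or never states. The dictionary keys (<code>p1_hash</code>, <code>local</code>, ...) and the regex parsing are assumptions that only cover the lines shown in the message; the sample configs are trimmed copies of those lines.</p>

```python
import ipaddress
import re

# Trimmed copies of the two configurations quoted in the message above.
IPSEC_CONF = """conn test1
 leftsubnet=192.168.20.0/24
 rightsubnet=192.168.1.0/24
 ike=aes256-sha1-modp1024
 esp=aes256-sha1-modp1024
"""
IOS_CONF = """crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
crypto ipsec transform-set 40.2 esp-aes 256 esp-sha-hmac
access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
"""
GROUPS = {"1": "modp768", "2": "modp1024", "5": "modp1536", "14": "modp2048"}
HASHES = {"sha": "sha1"}  # IOS keyword -> strongSwan name; others pass through

def strongswan_view(conf):
    kv = dict(l.strip().split("=", 1) for l in conf.splitlines() if "=" in l)
    ike, esp = kv["ike"].split("-"), kv["esp"].split("-")
    return {"p1_enc": ike[0], "p1_hash": ike[1], "p1_group": ike[2],
            "p2_enc": esp[0], "p2_integ": esp[1],
            "local": ipaddress.ip_network(kv["leftsubnet"]),
            "remote": ipaddress.ip_network(kv["rightsubnet"])}

def cisco_view(conf):
    def find(pattern):
        m = re.search(pattern, conf, re.M)
        return m.groups() if m else None
    enc, hsh, grp = find(r"^ encr (\w+) (\d+)"), find(r"^ hash (\w+)"), find(r"^ group (\d+)")
    ts = find(r"transform-set \S+ esp-(\w+) (\d+) esp-(\w+)-hmac")
    acl = find(r"permit ip (\S+) (\S+) (\S+) (\S+)")
    net = lambda a, wild: ipaddress.ip_network(f"{a}/{wild}")  # wildcard = hostmask
    return {"p1_enc": enc and enc[0] + enc[1],
            "p1_hash": hsh and HASHES.get(hsh[0], hsh[0]),
            "p1_group": grp and GROUPS.get(grp[0]),
            "p2_enc": ts[0] + ts[1], "p2_integ": HASHES.get(ts[2], ts[2]),
            # ACL source is the router's side, i.e. strongSwan's remote subnet.
            "local": net(acl[2], acl[3]), "remote": net(acl[0], acl[1])}

def compare(sswan, cisco):
    # One finding per parameter the router omits or sets differently.
    return [f"{k}: strongSwan {v}, router {cisco[k] or 'no explicit line'}"
            for k, v in sswan.items() if cisco[k] != v]

if __name__ == "__main__":
    print(compare(strongswan_view(IPSEC_CONF), cisco_view(IOS_CONF)))
```

<p>On the configs as posted, the only finding is the phase 1 hash, which the isakmp policy never states; the encryption, DH group, transform set and mirrored ACL all line up with the strongSwan side.</p>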