[strongSwan] Connection to Cisco not passing Main Mode

Stuart Beckett SRBeckett at teamfishel.com
Fri Aug 6 21:57:58 CEST 2010

I added that and it did not change anything.
So, I asked for a debug from the Cisco side and the error was:
Aug  6 17:57:02 UTC: ISAKMP:(0:68:HW:2):No pre-shared key with!
Aug  6 17:57:02 UTC: ISAKMP:(0:68:HW:2): phase 1 SA policy not acceptable! (local remote
This was an issue on there side, the PSK host was set incorrect.  That was corrected, and I am now seeing that more data is passing between the two, but again, it does not pass past the Main Mode.  The Cisco side is:      MM_SA_SETUP         81    0
Aug  6 19:45:01 UTC: ISAKMP:(0:72:HW:2):SA authentication status:
Aug  6 19:45:01 UTC: ISAKMP:(0:72:HW:2):        authenticated
Aug  6 19:45:01 UTC: IPSEC(validate_transform_proposal): proxy identities not supported
Aug  6 19:45:01 UTC: ISAKMP:(0:72:HW:2): IPSec policy invalidated proposal
Aug  6 19:45:01 UTC: ISAKMP:(0:72:HW:2): phase 2 SA policy not acceptable! (local remote
The strongSwan side is the same.
This appears to be where the Cisco is seeing my IP as different, but I don't know why it would.
Any suggestions?

>>> On 8/6/2010 at 2:42 PM, Andreas Steffen <andreas.steffen at strongswan.org> wrote:
Hello Stuart,

could you add leftnexthop = %defaultroute


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20100806/ccfa37f5/attachment.html>

More information about the Users mailing list