[strongSwan] Connection to Cisco not passing Main Mode

Stuart Beckett SRBeckett at teamfishel.com
Fri Aug 6 21:57:58 CEST 2010


Andreas,
 
I added that and it did not change anything.
 
So, I asked for a debug from the Cisco side and the error was:
 
Aug  6 17:57:02 UTC: ISAKMP:(0:68:HW:2):No pre-shared key with 71.5.35.91!
Aug  6 17:57:02 UTC: ISAKMP:(0:68:HW:2): phase 1 SA policy not acceptable! (local 144.168.7.164 remote 71.5.36.91)
 
This was an issue on their side; the PSK host was set incorrectly.  That was corrected, and I am now seeing that more data is passing between the two, but again, it does not pass past the Main Mode.  The Cisco side is:
 
144.168.7.164   71.5.36.91      MM_SA_SETUP         81    0
 
Aug  6 19:45:01 UTC: ISAKMP:(0:72:HW:2):SA authentication status:
Aug  6 19:45:01 UTC: ISAKMP:(0:72:HW:2):        authenticated
Aug  6 19:45:01 UTC: IPSEC(validate_transform_proposal): proxy identities not supported
Aug  6 19:45:01 UTC: ISAKMP:(0:72:HW:2): IPSec policy invalidated proposal
Aug  6 19:45:01 UTC: ISAKMP:(0:72:HW:2): phase 2 SA policy not acceptable! (local 144.168.7.164 remote 65.203.61.17)
 
The strongSwan side is the same.
 
This appears to be where the Cisco is seeing my IP as different, but I don't know why it would.
 
Any suggestions?
 
Thanks
 
Stuart 


>>> On 8/6/2010 at 2:42 PM, Andreas Steffen <andreas.steffen at strongswan.org> wrote:
Hello Stuart,

could you add leftnexthop = %defaultroute

Regards

Andreas