[strongSwan] Connection to Cisco not passing Main Mode
SRBeckett at teamfishel.com
Fri Aug 6 21:57:58 CEST 2010
I added that and it did not change anything.
So, I asked for a debug from the Cisco side and the error was:
Aug 6 17:57:02 UTC: ISAKMP:(0:68:HW:2):No pre-shared key with 18.104.22.168!
Aug 6 17:57:02 UTC: ISAKMP:(0:68:HW:2): phase 1 SA policy not acceptable! (local 22.214.171.124 remote 126.96.36.199)
This was an issue on there side, the PSK host was set incorrect. That was corrected, and I am now seeing that more data is passing between the two, but again, it does not pass past the Main Mode. The Cisco side is:
188.8.131.52 184.108.40.206 MM_SA_SETUP 81 0
Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2):SA authentication status:
Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2): authenticated
Aug 6 19:45:01 UTC: IPSEC(validate_transform_proposal): proxy identities not supported
Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2): IPSec policy invalidated proposal
Aug 6 19:45:01 UTC: ISAKMP:(0:72:HW:2): phase 2 SA policy not acceptable! (local 220.127.116.11 remote 18.104.22.168)
The strongSwan side is the same.
This appears to be where the Cisco is seeing my IP as different, but I don't know why it would.
>>> On 8/6/2010 at 2:42 PM, Andreas Steffen <andreas.steffen at strongswan.org> wrote:
could you add leftnexthop = %defaultroute
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users