[strongSwan] strongswan to cisco router IPSEC problem
mohsen atiq
mohsen_atigh2000 at yahoo.com
Fri Jun 8 23:15:48 CEST 2012
Hi,
I have a Cisco router and a Linux box, and I want an IPSEC connection between them.
My Linux IPSEC configuration is:
config setup
    crlcheckinterval=180
    strictcrlpolicy=no
    plutostart=yes

conn test1
    left=192.168.40.2
    leftsubnet=192.168.20.0/24
    right=192.168.40.20
    rightsubnet=192.168.1.0/24
    pfs=no
    authby=psk
    type=tunnel
    auth=esp
    auto=start
    ike=aes256-sha1-modp1024
    esp=aes256-sha1-modp1024
    dpddelay=10s
    dpdaction=restart
    keyexchange=ikev1
And my Cisco router configuration is:
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key 123456 address 192.168.40.2
!
!
crypto ipsec transform-set 40.2 esp-aes 256 esp-sha-hmac
!
crypto map test-40.2 1 ipsec-isakmp
 set peer 192.168.40.2
 set transform-set 40.2
 match address 115
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
!
interface FastEthernet1/0
 ip address 192.168.40.20 255.255.255.0
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 crypto map test-40.2
!
!
interface FastEthernet1/1
 ip address 192.168.1.10 255.255.255.0
 no ip route-cache cef
access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
When I start strongSwan and enable Cisco IPSEC debug, I get the following error on my Cisco router:
*Jun 3 22:10:50.259: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes 256 esp-sha-hmac }
*Jun 3 22:10:50.263: ISAKMP:(1028): IPSec policy invalidated proposal with error 256
*Jun 3 22:10:50.263: ISAKMP:(1028): phase 2 SA policy not acceptable! (local 192.168.40.20 remote 192.168.40.2)
*Jun 3 22:10:50.267: ISAKMP:(1028):deleting node -1251133401 error TRUE reason "QM rejected"
Thanks for your help.