[strongSwan] strongswan to cisco router IPSEC problem

mohsen atiq mohsen_atigh2000 at yahoo.com
Fri Jun 8 23:15:48 CEST 2012


Hi,

I have a Cisco router and a Linux box, and I want an IPSEC connection between them.
My Linux IPSEC configuration is:

config setup
        crlcheckinterval=180
        strictcrlpolicy=no
        plutostart=yes

conn test1
        left=192.168.40.2
        leftsubnet=192.168.20.0/24
        right=192.168.40.20
        rightsubnet=192.168.1.0/24
        pfs=no
        authby=psk
        type=tunnel
        auth=esp
        auto=start
        ike=aes256-sha1-modp1024
        esp=aes256-sha1-modp1024
        dpddelay=10s
        dpdaction=restart
        keyexchange=ikev1

And my Cisco router configuration is:

crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 2
crypto isakmp key 123456 address 192.168.40.2
!
!
crypto ipsec transform-set 40.2 esp-aes 256 esp-sha-hmac
!
crypto map test-40.2 1 ipsec-isakmp
 set peer 192.168.40.2
 set transform-set 40.2
 match address 115
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
 !
!
interface FastEthernet1/0
 ip address 192.168.40.20 255.255.255.0
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 crypto map test-40.2
 !
!
interface FastEthernet1/1
 ip address 192.168.1.10 255.255.255.0
 no ip route-cache cef



access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255

When I start strongSwan and enable Cisco IPSEC debug, I get the following error on my Cisco router:

*Jun  3 22:10:50.259: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
    {esp-aes 256 esp-sha-hmac }
*Jun  3 22:10:50.263: ISAKMP:(1028): IPSec policy invalidated proposal with error 256
*Jun  3 22:10:50.263: ISAKMP:(1028): phase 2 SA policy not acceptable! (local 192.168.40.20 remote 192.168.40.2)
*Jun  3 22:10:50.267: ISAKMP:(1028):deleting node -1251133401 error TRUE reason "QM rejected"
 
Thanks for your help.