[strongSwan] Problem connecting to a Cisco Unity gateway
Bas van Dijk
v.dijk.bas at gmail.com
Mon Feb 16 12:37:10 CET 2015
BTW is my following understanding of the NO_PROPOSAL_CHOSEN error
correct: strongSwan correctly executes phase 1 of IKE because I see the
message:

  IKE_SA data-display[1] established between 192.168.42.213[83.161.66.130]...213.163.70.4[213.163.70.4]

However, it can't finish phase 2 because the cipher suites that my
strongSwan says it supports (configured with the "esp" setting) are
not supported by the Cisco gateway on the other end. That is why the
gateway sends the NO_PROPOSAL_CHOSEN message:

  received NO_PROPOSAL_CHOSEN error notify

Is there a way to find out which cipher suites the Cisco router
supports? I know that during phase 1 of IKE I get a "received
proposals" message:

  charon[24416]: 08[CFG] received proposals: IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  charon[24416]: 08[CFG] configured proposals: IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
  charon[24416]: 08[CFG] selected proposal: IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024

Is there something similar for phase 2?

Are there also other tools to debug this problem? I already tried ike-scan:

  sudo ike-scan -v -v -v 213.163.70.4

  http://pastebin.com/FpwT6xEH

Cheers,
Bas
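
Added example (not part of the original message and not strongSwan code): a small Python parser for the charon lines quoted above that lists the logged proposals and, following the reading given in the message, attributes a NO_PROPOSAL_CHOSEN notify to phase 1 or phase 2 depending on whether the IKE_SA was already established. The function names, the "08[IKE]"/"09[IKE]" prefixes on the last two sample lines, and the ", " separator between multiple proposals are assumptions.

```python
import re

# Constructed sample: the charon lines quoted in the message above, in order.
# The "08[IKE]" / "09[IKE]" prefixes on the last two lines are assumed.
SAMPLE_LOG = """\
charon[24416]: 08[CFG] received proposals: IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
charon[24416]: 08[CFG] configured proposals: IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
charon[24416]: 08[CFG] selected proposal: IKE:DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
charon[24416]: 08[IKE] IKE_SA data-display[1] established between 192.168.42.213[83.161.66.130]...213.163.70.4[213.163.70.4]
charon[24416]: 09[IKE] received NO_PROPOSAL_CHOSEN error notify
"""

PROPOSAL_RE = re.compile(r"\b(received|configured|selected) proposals?: (.+)$")

def parse_proposal(text):
    """'IKE:DES_CBC/.../MODP_1024' -> ('IKE', frozenset of transform names)."""
    proto, _, transforms = text.strip().partition(":")
    return proto, frozenset(transforms.split("/"))

def diagnose(log):
    """Report logged proposals and the phase in which NO_PROPOSAL_CHOSEN arrived."""
    proposals = {"received": [], "configured": [], "selected": []}
    established, failed_phase = False, None
    for line in log.splitlines():
        m = PROPOSAL_RE.search(line)
        if m:
            # Assumption: several proposals on one line are separated by ", ".
            proposals[m.group(1)] += [parse_proposal(p) for p in m.group(2).split(", ")]
        elif "IKE_SA" in line and " established between " in line:
            established = True
        elif "received NO_PROPOSAL_CHOSEN" in line and failed_phase is None:
            # Before the IKE_SA exists the rejection concerns the IKE proposal
            # (phase 1); afterwards it concerns the ESP proposal (phase 2).
            failed_phase = 2 if established else 1
    # Transforms the peer listed that the local configuration does not contain.
    local = frozenset().union(*(t for _, t in proposals["configured"]))
    peer = frozenset().union(*(t for _, t in proposals["received"]))
    return {"proposals": proposals, "ike_established": established,
            "failed_phase": failed_phase, "peer_only": sorted(peer - local)}

if __name__ == "__main__":
    result = diagnose(SAMPLE_LOG)
    print("IKE_SA established:", result["ike_established"])
    print("NO_PROPOSAL_CHOSEN in phase:", result["failed_phase"])
    print("transforms only the peer listed:", result["peer_only"])
```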