[strongSwan] Problem connecting to a Cisco Unity gateway

Bas van Dijk v.dijk.bas at gmail.com
Mon Feb 16 12:37:10 CET 2015

BTW is my following understanding of the NO_PROPOSAL_CHOSEN error
correct: strongSwan correcty executes phase 1 of IKE because I see the

IKE_SA data-display[1] established between[]...[]

However, it can't finish phase 2 because the cipher suites that my
strongSwan says it supports (configured with the "esp" setting) are
not supported by the Cicso gateway on the other end. That is why the
gateway sends the NO_PROPOSAL_CHOSEN message:

received NO_PROPOSAL_CHOSEN error notify

Is there a way to find out which cipher suites the Cisco router
supports? I know that during phase 1 of IKE I get a "received
proposals" message:

charon[24416]: 08[CFG] received proposals:
charon[24416]: 08[CFG] configured proposals:
charon[24416]: 08[CFG] selected proposal:

Is there something similar for phase 2?

Are there also other tools to debug this problem? I already tried ike-scan:

sudo ike-scan -v -v -v




More information about the Users mailing list