[Ipsec-tools-devel] Possible incompatibility between Cisco and racoon?
From: Luis G. <bew...@ya...> - 2010-04-16 16:45:14
Hi,

The problem I have is not new; it has been asked several times before in this forum during the last year, but I have not found any answer. I have seen a config made by Patrick Preuss in his blog, but now this config does not work because of problems in the security config. Maybe something has been changed on Cisco in the last IOS releases, or I am doing something wrong.

The problem is related to compatibility between ipsec-tools 0.8 and Cisco routers, because for some reason the Cisco router doesn't accept any phase 2 security option from racoon. Instead, there is not any problem between the two computers.

I have changed the security options (DES, 3DES, MD5, SHA) on both racoon and the Cisco, but the following error or a similar one (other times the error is 256) is always shown to me:

*Apr 16 16:09:29.387: ISAKMP:(1006):Checking IPSec proposal 1
*Apr 16 16:09:29.387: ISAKMP: transform 1, ESP_3DES
*Apr 16 16:09:29.387: ISAKMP: attributes in transform:
*Apr 16 16:09:29.387: ISAKMP: SA life type in seconds
*Apr 16 16:09:29.387: ISAKMP: SA life duration (basic) of 43200
*Apr 16 16:09:29.387: ISAKMP: encaps is 2 (Transport)
*Apr 16 16:09:29.387: ISAKMP: authenticator is HMAC-MD5
*Apr 16 16:09:29.387: ISAKMP:(1006):atts are acceptable.
*Apr 16 16:09:29.387: ISAKMP:(1006): IPSec policy invalidated proposal with error 32
*Apr 16 16:09:29.387: ISAKMP:(1006): phase 2 SA policy not acceptable! (local 172.18.1.254 remote 172.18.1.1)

Is there any known configuration in which both systems are compatible?

Thank you.