Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1714 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN with Cisco

QVICIO
I need stablish vpn between asl4 and cisco

The policies are:

ike_auth_alg = sha
ike_dh_group = modp768
ike_enc_alg = 3des
ike_mode = main
ike_sa_lifetime = 7800
ipsec_auth_alg = sha1
ipsec_comp = 0
ipsec_enc_alg = 3des
ipsec_mode = tunnel
ipsec_pfs = 0
ipsec_proto = esp
ipsec_sa_lifetime = 3600
ipsec_strict_policy = 0
key_exchange = ike


and this is the vpn log:

responding to Main Mode
2004-Feb 27 11:31:44 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: ignoring Vendor ID payload [Cisco-Unity]
2004-Feb 27 11:31:44 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: received Vendor ID payload [Dead Peer Detection]
2004-Feb 27 11:31:44 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: ignoring Vendor ID payload [f71da8396fbdce14...]
2004-Feb 27 11:31:44 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: ignoring Vendor ID payload [XAUTH]
2004-Feb 27 11:31:44 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
2004-Feb 27 11:31:45 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2004-Feb 27 11:31:45 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: Main mode peer ID is ID_IPV4_ADDR: '195.55.47.10'
2004-Feb 27 11:31:45 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: sent MR3, ISAKMP SA established
2004-Feb 27 11:31:45 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: cannot respond to IPsec SA request because no connection is known for xxx.127.55.42...195.55.47.10
2004-Feb 27 11:31:45 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: sending encrypted notification INVALID_ID_INFORMATION to 195.55.47.10:500
2004-Feb 27 11:31:45 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: received Delete SA payload: deleting ISAKMP State #1649


SomeOne help me ?


Thanks 


This thread was automatically locked due to age.
Parents
  • 0
    004-Feb 27 11:31:45 (none) pluto[1105]:  PSK__TELEFONICA-10_1" #1649: cannot respond to IPsec SA request because no connection is known for xxx.127.55.42...195.55.47.10
    2004-Feb 27 11:31:45 (none) pluto[1105]: "PSK__TELEFONICA-10_1" #1649: sending encrypted notification INVALID_ID_INFORMATION to 195.55.47.10:500

    check the id setting for the connection.  

    greetings,

    gnjb 
  • 0 in reply to gnujuba
    OK.
    if i put local and remote subnet with "none", the conexion work fine, but if i put local subnet with "internal_network", the conexion not work....

    help me please 
Reply Children
  • 0 in reply to QVICIO
    the subnet configurations have to be the same on both sides of the vpn.
    check the cisco config for the subnet of remote_subnet.

    greets,
    gnjb  
  • 0 in reply to gnujuba
    The problem is in the subnets.

    This is the document that the client send me to the conection with the router cisco:

    Fichero /etc/sysconfig/network-scripts/ud_tun0:

    # script que se ejecuta cuando la asociacion ipsec "cifrador1" cambia de estado
    TUNEL=`/sbin/ifconfig | grep tunnel0 | awk '{print $1}'`
    if [ $TUNEL ]; then
    ifconfig tunnel0 down
    ip tunnel del name tunnel0
    fi
    ip tunnel add name tunnel0 mode ipip remote 195.55.47.10 local 213.4.12.242 dev ipsec0 ttl 255
    ifconfig tunnel0 up 195.55.47.2 netmask 255.255.255.252 pointopoint 195.55.47.1 mtu 1500 multicast

    195.55.47.10 is the ip of Cisco

    How i can put this configuration of subnets in the asl ?

    Thanks
     
Cookie Information Banner