I'm trying to connect with a Cisco VPN client using an IPSEC VPN. Initially I tried using pre-shared keys and I got the
unsupported exchange type ISAKMP_XCHG_AGGR
error message, which I believe is an issue with the Cisco client. The fix was to use certs, which I have now set up. However, I am now getting the following error message:
| protocol/port in Phase 1 ID Payload is 17/0. accepted with port_floating NAT-T
2009:01:06-21:13:00 (none) pluto[5473]: "D_Gateway_0"[2] 90.204.48.233 #4: Peer ID is ID_DER_ASN1_DN: 'C=uk, L=London, O=Private, CN=***x, E=***@***.com'
2009:01:06-21:13:00 (none) pluto[5473]: "D_Gateway_0"[2] 90.204.48.233 #4: self-signed cacert rejected
2009:01:06-21:13:00 (none) pluto[5473]: "D_Gateway_0"[2] 90.204.48.233 #4: crl not found
2009:01:06-21:13:00 (none) pluto[5473]: "D_Gateway_0"[2] 90.204.48.233 #4: certificate status unknown
2009:01:06-21:13:00 (none) pluto[5473]: "D_Gateway_0"[2] 90.204.48.233 #4: no suitable connection for peer 'C=uk, L=London, O=Private, CN=***x, E=***x@hotmail.com'
2009:01:06-21:13:00 (none) pluto[5473]: "D_Gateway_0"[2] 90.204.48.233 #4: sending encrypted notification INVALID_ID_INFORMATION to 90.204.48.233:500
2009:01:06-21:13:06 (none) pluto[5473]: "D_Gateway_0"[2] 90.204.48.233 #4: ignoring Delete SA payload: ISAKMP SA not established
2009:01:06-21:13:15 (none) pluto[5473]: ERROR: asynchronous network error report on eth0 for message to 90.204.48.233 port 500, complainant 90.204.48.233: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Any ideas?