I just purchased this linksys router and trying to configure it for one of our remote offices to connect to my main office. but reguardless of how I configure it, I seem to consistently get this NO_PROPOSAL_CHOSEN error. I'm using a Linksys WRVS4400 for remote office and a PIX 515 for main office.
Here's my Linksys Config
IPSec VPN Tunnel: Enable
Tunnel Name: eacvpns2
Local Security Gateway type: IP Only
IP address: x.x.x.x
Local Security Group Type: Subnet
IP Address: 192.168.5.1
Subnet Mask: 255.255.255.0
Remote Security Gateway: IP Only
IP address: x.x.x.x (pix external IP address)
Remote Security Group Type: Subnet
IP Address: 192.168.10.0
Subnet Mask: 255.255.255.0
Keying Mode: IKE with Preshared Key
phase 1
Encryption: 3DES
Authenticaion: MD5
Group: 1024-bit
key life time: 86400
phase 2
Encryption: 3DES
Authentication: MD5
Perfect Forward Secrecy: Disabled
Preshared Key: testing
Group: 1024-bit
key life time: 86400
Agressive mode: off
Netbios Broadcast: off
my PIX config looks like this.
crypto ipsec transform-set eacvpns esp-des esp-md5-hmac
crypto ipsec transform-set eacvpns2 esp-3des esp-md5-hmac
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address 101
crypto map transam 1 set peer x.x.x.x (remote office w/ pix)
crypto map transam 1 set transform-set eacvpns
crypto map transam 3 ipsec-isakmp
crypto map transam 3 match address 103
crypto map transam 3 set peer x.x.x.x (remote office w/ pix)
crypto map transam 3 set transform-set eacvpns
crypto map transam 5 ipsec-isakmp
crypto map transam 5 match address 105
crypto map transam 5 set peer x.x.x.x (remote office w/ Linksys WRVS4400N)
crypto map transam 5 set transform-set eacvpns2
crypto map transam interface outside
isakmp enable outside
isakmp key ******** address x.x.x.x netmask 255.255.255.248 (remote office w/ pix)
isakmp key ******** address x.x.x.x netmask 255.255.255.248 (remote office w/ pix)
isakmp key ******** address x.x.x.x netmask 255.255.255.248 no-xauth no-config-mode (remote office w/ Linksys WRVS4400N)
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
Here's a copy of my Linksys Logs
Jun 19 15:03:57 - Configuration changed!
Jun 19 15:03:59 - [VPN Log]: shutting down
Jun 19 15:03:59 - [VPN Log]: forgetting secrets
Jun 19 15:03:59 - [VPN Log]: "eacvpns2": deleting connection
Jun 19 15:03:59 - [VPN Log]: "eacvpns2" #2: deleting state (STATE_QUICK_I1)
Jun 19 15:03:59 - [VPN Log]: "eacvpns2" #1: deleting state (STATE_AGGR_I2)
Jun 19 15:03:59 - [VPN Log]: ERROR: "eacvpns2": pfkey write() of SADB_X_DELFLOW message 6 for flow int.0@0.0.0.0 failed. Errno 14: Bad address
Jun 19 15:04:00 - [VPN Log]: "eacvpns2": unroute-client output: 0
Jun 19 15:04:00 - [VPN Log]: shutting down interface ipsec0/eth1 172.16.77.112:4500
Jun 19 15:04:00 - [VPN Log]: shutting down interface ipsec0/eth1 172.16.77.112:500
Jun 19 15:04:00 - IPSEC EVENT: KLIPS device ipsec0 shut down.
Jun 19 15:04:03 - [VPN Log]: Starting Pluto (Openswan Version cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE@ECqImzhFD)
Jun 19 15:04:03 - [VPN Log]: @(#) built on Sep 3 2007:16:44:42:
Jun 19 15:04:03 - [VPN Log]: Setting NAT-Traversal port-4500 floating to on
Jun 19 15:04:03 - [VPN Log]: port floating activation criteria nat_t=1/port_fload=1
Jun 19 15:04:03 - [VPN Log]: including NAT-Traversal patch (Version 0.6c)
Jun 19 15:04:03 - [VPN Log]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jun 19 15:04:03 - [VPN Log]: starting up 1 cryptographic helpers
Jun 19 15:04:03 - [VPN Log]: started helper pid=2589 (fd:5)
Jun 19 15:04:03 - [VPN Log]: Using KLIPS IPsec interface code on 2.4.27-star
Jun 19 15:04:03 - [VPN Log]: Changing to directory '/etc/ipsec.d/cacerts'
Jun 19 15:04:03 - [VPN Log]: Changing to directory '/etc/ipsec.d/aacerts'
Jun 19 15:04:03 - [VPN Log]: Changing to directory '/etc/ipsec.d/ocspcerts'
Jun 19 15:04:03 - [VPN Log]: Changing to directory '/etc/ipsec.d/crls'
Jun 19 15:04:03 - [VPN Log]: Warning: empty directory
Jun 19 15:04:03 - [VPN Log]: added connection description "eacvpns2"
Jun 19 15:04:03 - [VPN Log]: listening for IKE messages
Jun 19 15:04:03 - [VPN Log]: adding interface ipsec0/eth1 172.16.77.112:500
Jun 19 15:04:03 - [VPN Log]: adding interface ipsec0/eth1 172.16.77.112:4500
Jun 19 15:04:03 - [VPN Log]: loading secrets from "/etc/ipsec.secrets"
Jun 19 15:04:05 - [VPN Log]: "eacvpns2": route-client output: 0
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: initiating Main Mode
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: received Vendor ID payload [XAUTH]
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: received Vendor ID payload [Dead Peer Detection]
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: received Vendor ID payload [Cisco-Unity]
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: ignoring unknown Vendor ID payload [16df04afde729f9719c0a5dfe
0d66fb5]
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: I did not send a certificate because I do not have one.
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: Main mode peer ID is ID_IPV4_ADDR: 'x.x.x.x'
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192
prf=oakley_md5 group=modp1024}
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLE
ARRIVALCHE
CK+DONTREK
EY+UP {using isakmp#1}
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: received and ignored informational message
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN
Jun 19 15:04:05 - [VPN Log]: "eacvpns2" #1: received and ignored informational message
Jun 19 15:04:12 - ipsec0: no IPv6 routers present
Jun 19 15:05:15 - [VPN Log]: "eacvpns2" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
I just recently added 3des to my PIX, so I know that's not an issue. I've tried running with agressive mode on and off, and many other things that I've found on the web. I'm at a loss as to what to try next
Start Free Trial
