VPN between free s/wan and cisco 3000
Posted on 2002-07-29
I'm trying to establish a VPN with IPSec between Free S/WAN and a Cisco 3000 concentrator. The interface on my Linux firewall limits the configurations available to me, so tweaks need to be made at the Cisco end.
I get the following at the Free S/WAN end:
000 "remote_site": 192.xxx.xxx.xxx/32===193.xxx.xxx.xxx---193.xxx.xxx.xxx...
000 "remote_site": ...194.xxx.xxx.xxx===192.xxx.xxx.xxx/32
000 "remote_site": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "remote_site": policy: POLICY_PSK+POLICY_ENCRYPT+POLICY_TUNNEL+POLICY_PFS; interface: eth1; routed
000 "remote_site": newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0
000 #3: "remote_site" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in
000 #1: "remote_site" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2573s; newest ISAKMP
So you see the first handshake stage is completed successfully. The Cisco then complains of a policy incompatibility (no useful fault numbers, I'm afraid). I assume it's the PFS policy (set to "yes" in Free S/WAN; various levels on Cisco: 1, 2, & 5 from memory).
Any assistance on where to look, references to docs, etc. would be gratefully appreciated.