Re: [strongSwan] Watchguard Edge - StrongSwan

Tue, 17 Mar 2009 06:15:56 -0700 

Hi Andreas,
Sorry... I'm really new to VPN configuration...

I changed the watchguard edge configuration. but I'm getting this
message: max number of retransmissions (2) reached STATE_QUICK_I1.  No
acceptable response to our first Quick Mode message: perhaps peer likes no
proposal

These are the new watchguard configs

Phase 1 Settings:
Mode: Main Mode
Authentication Algorithm: SHA1-HMAC
Encryption Algorithm: AES (256)
Diffie-Helman Group: 2

Phase 2 Settings:
Authentication Algorithm: SHA1-HMAC
Encryption Algorithm: AES (256)
Enable PFS

This is the conn at ipsec.conf:
conn vpntest
        keyexchange=ikev1
        ike=aes256-sha-modp1536
        pfs=yes
        pfsgroup=modp1536
        esp=aes256-sha1-modp1536
        compress=no
        authby=secret
        left=200.111.111.111
        leftsubnet=10.10.10.0/24
        leftfirewall=yes
        lefthostaccess=yes
        right=200.222.222.222
        rightsubnet=192.168.10.0/24
        auto=start

What could be wrong in the configs above?

Thanks in advance for your help! :)

2009/3/17 Andreas Steffen <andreas.stef...@strongswan.org>

> strongSwan does *not* support IKEv1 Aggressive Mode - otherwise we would
> have named the project weakSwan!
>
> Best regards
>
> Andreas
>
> Tica wrote:
> > Hello all,
> > I'm really new to Strongwan!!
> >
> > Is it possible to connect Watchguard Edge to Strongswan?
> >
> > I'm asking this because I'm having huge headaches here trying to
> establish a
> > VPN between these two systems.
> >
> > The biggest problem is that I can't change the watchguard edge's
> > configuration... and I already tried (without success) a lot of
> > configurations in ipsec.conf.
> >
> > These are the watchguard configurations:
> >
> > Phase 1 Settings
> > ----------------
> > Mode: Agressive Mode
> > Authentication Algorithm: SHA1-HMAC
> > Encryption Algorithm: DES-CBC
> > Diffie-Helman Group: 1
> >
> > Phase 2 Settings
> > ----------------
> > Authentication Algorithm: SHA1-HMAC
> > Encryption Algorithm: DES-CBC
> > Enable PFS
> >
> > Please... what should be the correct configuration to ipsec.conf ??
> >
> > keyexchange=ikev1
> > esp= ?
> > pfs=yes
> > pfsgroup= ?
> > compress=no
> > authby=secret
> > ike= ?
> >
> > Any help will be really apreciated!!
> >
> > Thanks in advance to you all!
> >
>
>
> --
> ======================================================================
> Andreas Steffen                         andreas.stef...@strongswan.org
> strongSwan - the Linux VPN Solution!                www.strongswan.org
> Institute for Internet Technologies and Applications
> University of Applied Sciences Rapperswil
> CH-8640 Rapperswil (Switzerland)
> ===========================================================[ITA-HSR]==
>



-- 
Tica ;-)
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to