New Member

Openswan client/Cisco RV220W not connecting

I am attempting to connect a laptop with an openswan client (Openswan IPsec U2.6.28/K3.0.0-12-generic) with my Cisco RV220W. My connection fails, and the VPN status log shows the following:

2011-12-06 15:04:59: [rv220w][IKE] INFO:  Configuration found for 108.58.YY.YY[500].

2011-12-06 15:04:59: [rv220w][IKE] INFO:  Received request for new phase 1 negotiation: 108.58.XX.XX[500]<=>108.58.YY.YY[500]

2011-12-06 15:04:59: [rv220w][IKE] INFO:  Beginning Identity Protection mode.

2011-12-06 15:04:59: [rv220w][IKE] INFO:  Received unknown Vendor ID

2011-12-06 15:04:59: [rv220w][IKE] INFO:  Received Vendor ID: DPD

2011-12-06 15:04:59: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.

2011-12-06 15:05:09: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.

2011-12-06 15:05:11: [rv220w][IKE] ERROR:  Phase 1 negotiation failed due to time up for 108.58.YY.YY[500]. c2e6f14d16bef607:02dbd105dcc0b299

2011-12-06 15:05:19: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.

2011-12-06 15:05:29: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.

2011-12-06 15:05:39: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.

2011-12-06 15:05:49: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.

2011-12-06 15:05:59: [rv220w][IKE] ERROR:  Phase 1 negotiation failed due to time up for 108.58.YY.YY[500]. 5646ff766f579fb0:b221f323a56ba913

My configuration on the RV220W is as follows:

VPN Policy:

Auto Policy

Remote endpoint is an IP address with 108.58.YY.YY

Local traffic is a subnet

Remote traffic is a single IP (same as above)

Encryption/hash settings are: 3DES, SHA1, no PFS key group, SA lifetime of 3600

IKE Policy:

Responder

Main mode

Local and Remote use explicit IP addresses

3des, sha1, pre-shared key, DH group 2, lifetime of 28800, no dead peer detection, no xauth

On the client, I have the following openswan configuration:

# /etc/ipsec.conf - Openswan IPsec configuration file

# This file:  /usr/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version    2.0    # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Do not set debug options to debug configuration issues!
    # plutodebug / klipsdebug = "all", "none" or a combination from below:
    # "raw crypt parsing emitting control klips pfkey natt x509 dpd private"
    # eg:
    # plutodebug="control parsing"
    #
    # enable to get logs per-peer
    # plutoopts="--perpeerlog"
    #
    # Again: only enable plutodebug or klipsdebug when asked by a developer
    #
    # NAT-TRAVERSAL support, see README.NAT-Traversal
    nat_traversal=no
    # exclude networks used on server side by adding %v4:!a.b.c.0/24
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    # OE is now off by default. Uncomment and change to on, to enable.
    oe=off
    # which IPsec stack to use. auto will try netkey, then klips then mast
    interfaces=%defaultroute
    plutodebug=all
    protostack=netkey

# Add connections here
conn L2TP-PSK
    # Use a pre-shared key.
    # Connection type _must_ be transport mode
    authby=secret
    keyingtries=3
    type=transport
    # "left" is the local linux machine
    left=%defaultroute
    leftprotoport=17/1701
    # "right" is the remote server
    right=108.58.XX.XX
    rightprotoport=17/1701
    # Do not install on startup
    auto=add
    # SA settings
    ike=3des-sha1-modp1024
    esp=3des-sha1
    keyexchange=ike
    pfs=no

I would appreciate any insights into what might be going wrong here.
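
Added example (not part of the original post, and not Cisco or Openswan code): a small Python triage of the VPN status log above. It counts the Informational messages the router discarded for lacking a hash payload, measures the spacing between them, and lists each Phase 1 timeout with the cookie pair printed on that line. The function and field names are hypothetical; the log lines are copied from the post with the addresses masked as in the original.

```python
import re
from datetime import datetime

# Log lines copied from the post above (addresses masked as in the original).
LOG = """\
2011-12-06 15:04:59: [rv220w][IKE] INFO:  Configuration found for 108.58.YY.YY[500].
2011-12-06 15:04:59: [rv220w][IKE] INFO:  Received request for new phase 1 negotiation: 108.58.XX.XX[500]<=>108.58.YY.YY[500]
2011-12-06 15:04:59: [rv220w][IKE] INFO:  Beginning Identity Protection mode.
2011-12-06 15:04:59: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:09: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:11: [rv220w][IKE] ERROR:  Phase 1 negotiation failed due to time up for 108.58.YY.YY[500]. c2e6f14d16bef607:02dbd105dcc0b299
2011-12-06 15:05:19: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:29: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:39: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:49: [rv220w][IKE] ERROR:  Ignore information because the message has no hash payload.
2011-12-06 15:05:59: [rv220w][IKE] ERROR:  Phase 1 negotiation failed due to time up for 108.58.YY.YY[500]. 5646ff766f579fb0:b221f323a56ba913
"""

# "<timestamp>: [device][IKE] LEVEL:  message"
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): \[[^\]]+\]\[IKE\] (\w+):\s+(.*)$")
FAIL = re.compile(r"Phase 1 negotiation failed due to time up for (\S+)\. "
                  r"([0-9a-f]{16}:[0-9a-f]{16})")
DROP = "message has no hash payload"


def triage(text):
    """Summarise dropped Informational messages and Phase 1 timeouts."""
    drops, failures = [], []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(3)
        if DROP in msg:
            drops.append(ts)
        f = FAIL.search(msg)
        if f:
            failures.append({"time": ts, "peer": f.group(1), "cookies": f.group(2)})
    # Seconds between consecutive dropped messages; a constant gap points to
    # the peer retransmitting the same unauthenticated message on a timer.
    gaps = [int((b - a).total_seconds()) for a, b in zip(drops, drops[1:])]
    return {"drops": len(drops), "drop_gaps_s": gaps,
            "steady": len(set(gaps)) == 1, "failures": failures}


if __name__ == "__main__":
    print(triage(LOG))
```

On this log the summary shows the same message being dropped at a fixed interval while two separate Phase 1 exchanges, each with its own cookie pair, time out.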

1 REPLY
New Member

Openswan client/Cisco RV220W not connecting

Were you able to find a solution to your issue? I am having a similar issue connecting to an ASA 5510.

Thanks!
