Question : VPN between free s/wan and cisco 3000
I'm trying to establish a VPN with IPSec between Free S/WAN and a Cisco 3000 concentrator. The interface on my Linux firewall limits the configurations available to me, so tweaks need to be made at the Cisco end.
I get the following at the Free S/WAN end:

000 "remote_site": 192.xxx.xxx.xxx/32===193.xxx.xxx.xxx---193.xxx.xxx.xxx...
000 "remote_site": ...194.xxx.xxx.xxx===192.xxx.xxx.xxx/32
000 "remote_site": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "remote_site": policy: POLICY_PSK+POLICY_ENCRYPT+POLICY_TUNNEL+POLICY_PFS; interface: eth1; routed
000 "remote_site": newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0
000 #3: "remote_site" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 26s
000 #1: "remote_site" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2573s; newest ISAKMP conn remote_site
So you see the first handshake stage is completed successfully. The Cisco then complains of a policy incompatibility (no useful fault numbers, I'm afraid). I assume it's the PFS policy (set to "yes" in Free S/WAN; various levels on the Cisco, 1, 2 & 5 from memory).
Any assistance on where to look / references to docs etc. would be gratefully appreciated.
Answer : VPN between free s/wan and cisco 3000
To start with, it sounds like you may have the concentrator set up to expect different source and destination networks than your Linux box. They need to match.
On the concentrator, check the Local and Remote Network settings for the IPSec tunnel. You can find them here (assuming you are setting up a LAN-to-LAN VPN): Configuration --> System --> Tunneling Protocols --> IPSec --> LAN-to-LAN --> Whatever-you-called-this-VPN-connection.
While you are here, you might as well double check the other settings.
If you are using network lists to define the local and remote networks above, they can be edited here: Configuration --> Policy Management --> Traffic Management --> Network Lists.
While you are at it, check your policy rules here: Configuration --> Policy Management --> Traffic Management --> Rules.
Anyway, check out your settings to make sure they match, then give it another shot. If there are any changes to the errors in your event log, post them and we'll take a look.
Good luck.
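The status output quoted in the question has a fixed shape, and the answer's advice boils down to checking that the subnets the concentrator calls Local and Remote are the mirror image of what Free S/WAN prints as leftsubnet and rightsubnet. The following script is an added example, not code from either poster or from the Free S/WAN project: it parses `ipsec auto --status` lines of that shape, reports which IKE phase is established, and flags a subnet mismatch against the concentrator's settings. The addresses are constructed from documentation ranges, the `remote_site` connection name is taken from the question, and the assumption that the concentrator's Local network must equal Free S/WAN's rightsubnet (and Remote its leftsubnet) is the LAN-to-LAN mapping the answer describes.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the status output quoted in the question.
# Addresses are documentation ranges; the connection name is from the question.
SAMPLE_STATUS = """\
000 "remote_site": 192.0.2.10/32===198.51.100.1---198.51.100.254...
000 "remote_site": ...203.0.113.1===192.0.2.20/32
000 "remote_site": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "remote_site": policy: POLICY_PSK+POLICY_ENCRYPT+POLICY_TUNNEL+POLICY_PFS; interface: eth1; routed
000 "remote_site": newest ISAKMP SA: #1; newest IPsec SA: #0; eroute owner: #0
000 #3: "remote_site" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 26s
000 #1: "remote_site" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2573s; newest ISAKMP conn remote_site
"""

# leftsubnet===left[---leftnexthop]...   and   ...[rightnexthop---]right===rightsubnet
CONN_LEFT = re.compile(r'^000 "(?P<conn>[^"]+)": (?P<lsub>[\d./]+)===(?P<left>[\d.]+)(?:---[\d.]+)?\.\.\.$')
CONN_RIGHT = re.compile(r'^000 "(?P<conn>[^"]+)": \.\.\.(?:[\d.]+---)?(?P<right>[\d.]+)===(?P<rsub>[\d./]+)$')
CONN_POLICY = re.compile(r'^000 "(?P<conn>[^"]+)": policy: (?P<policy>\S+);')
SA_STATE = re.compile(r'^000 #(?P<num>\d+): "(?P<conn>[^"]+)" (?P<state>STATE_\w+)')

# Established ISAKMP (phase 1) and IPsec (phase 2) SA states, initiator and responder side.
PHASE1_UP = {"STATE_MAIN_I4", "STATE_MAIN_R3"}
PHASE2_UP = {"STATE_QUICK_I2", "STATE_QUICK_R2"}


@dataclass
class ConnStatus:
    name: str
    local_subnet: str = ""
    local_gw: str = ""
    remote_gw: str = ""
    remote_subnet: str = ""
    policy: set = field(default_factory=set)
    states: list = field(default_factory=list)  # (sa_number, state_name)


def parse_status(text):
    """Collect per-connection endpoints, policy flags and SA states from status output."""
    conns = {}
    for line in text.splitlines():
        line = line.rstrip()
        if m := CONN_LEFT.match(line):
            c = conns.setdefault(m["conn"], ConnStatus(m["conn"]))
            c.local_subnet, c.local_gw = m["lsub"], m["left"]
        elif m := CONN_RIGHT.match(line):
            c = conns.setdefault(m["conn"], ConnStatus(m["conn"]))
            c.remote_gw, c.remote_subnet = m["right"], m["rsub"]
        elif m := CONN_POLICY.match(line):
            c = conns.setdefault(m["conn"], ConnStatus(m["conn"]))
            c.policy = set(m["policy"].split("+"))
        elif m := SA_STATE.match(line):
            c = conns.setdefault(m["conn"], ConnStatus(m["conn"]))
            c.states.append((m["num"], m["state"]))
    return conns


def diagnose(conn, concentrator_local, concentrator_remote):
    """Return a list of findings for one connection, given the concentrator's
    Local and Remote Network settings (assumed LAN-to-LAN mapping: the
    concentrator's Local is Free S/WAN's rightsubnet, its Remote is leftsubnet)."""
    findings = []
    states = {name for _, name in conn.states}
    findings.append("phase1-ok" if states & PHASE1_UP else "phase1-down")
    if states & PHASE2_UP:
        findings.append("phase2-ok")
    elif "STATE_QUICK_I1" in states:
        findings.append("phase2-stuck")  # QI1 sent, no QR1: proposal rejected by the peer
    else:
        findings.append("phase2-down")
    net = lambda s: ipaddress.ip_network(s, strict=False)
    if net(concentrator_local) != net(conn.remote_subnet):
        findings.append("local-network-mismatch")
    if net(concentrator_remote) != net(conn.local_subnet):
        findings.append("remote-network-mismatch")
    if "POLICY_PFS" in conn.policy:
        findings.append("pfs-required")  # the concentrator's PFS setting must agree
    return findings


if __name__ == "__main__":
    conn = parse_status(SAMPLE_STATUS)["remote_site"]
    print(diagnose(conn, "192.0.2.20/32", "192.0.2.10/32"))   # subnets match
    print(diagnose(conn, "192.0.2.0/24", "192.0.2.10/32"))    # Local network too wide
```

With the sample input the first call reports phase 1 up and phase 2 stuck with PFS required, which is exactly the situation in the question; the second call additionally flags the concentrator's Local network as not matching what Free S/WAN proposes, the mismatch the answer suggests looking for.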