[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(racoon 946) Re: racoon + Cisco VPN Client
- To: racoon@kame.net
- Subject: (racoon 946) Re: racoon + Cisco VPN Client
- From: Aidas Kasparas <a.kasparas@gmc.lt>
- Date: Tue, 12 Jul 2005 07:02:57 +0300
- Delivered-to: racoon-archive@kame.net
- Delivered-to: racoon-outgo@kame.net
- Delivered-to: racoon@orange.kame.net
- Delivered-to: racoon@kame.net
- In-reply-to: <000001c58665$a0777790$5721010a@zultys.com>
- References: <000001c58665$a0777790$5721010a@zultys.com>
- Reply-to: racoon@kame.net
- Sender: owner-racoon@kame.net
- User-agent: Debian Thunderbird 1.0.2 (X11/20050331)
Sergiy Lozovsky wrote:
>
>
> Hi,
>
>
>
> I try to use Cisco VPN Client with racoon. From what I can see raccoon
> supports CISCO Client only in a hybrid mode.
>
> CISCO Client can be set up for ‘Group Authentication’ (without any
> certificates). When it connects to raccoon – phase 1 is ok, but after
> that CISCO complains:
>
>
>
> 89 14:51:36.546 07 /11/05 Sev=Info/4 IKE/0x63000017
>
> Marking IKE SA for deletion (I_Cookie=434DF5DFB40ECB39
> R_Cookie=CF982318DD2078D0) reason = DEL_REASON_NON_UNITY_PEER
>
>
>
> It expects VENDORID_UNITY from us. Racoon sets VENDORID_UNITY only for a
> hybrid authentication. Can someone clarify:
>
>
Because it needs us to tell him what crypto parameters should used (I
did not find in that client a place to specify remote networks with whom
to crypt traffic, just gateway).
I'm not sure, but most likely that part which tells it parameters is
called "unity".
>
> 1. What is VENDORID_UNITY means? Hybrid auth? Or anything else?
> 2. Can CISCO Client work with raccoon using just shared key?
>
Don't think it's possible.
--
Aidas Kasparas
IT administrator
GM Consult Group, UAB