Hi, On Tue, 25.11.2008 at 12:11:42 +0100, Christoph Leser <[EMAIL PROTECTED]> wrote: > But it uses 3, if it initiates the exchange. > > if so, I would guess that is the reason for the 'NO PROPOSAL CHOSEN' messages. > Can I configure 61443 es encapsulation mode in isakmpd.conf?
I'm not aware of such a facility, but you could set the OpenBSD side to be passive, and maybe the Cisco to retry more often, and/or for a longer time. That way the Cisco has more opportunity to initiate the connection and suggest his way of doing things to OpenBSD. Saying "NO PROPOSAL CHOSEN" until renegotiation timers run out means that you don't have a tunnel after that. Just my 0.2 cents... Kind regards, --Toni++
