Monday, 17 September 2012

Checking IPSec encryption settings with ike-scan

To check which encryption and authentication methods an IPSec service supports, you can use the ike-scan utility.
First, launch it with default settings:
ike-scan -M 10.10.10.1

This command tries the 8 default, most popular transform sets.
If you get
notify message 14 (NO-PROPOSAL-CHOSEN)

then none of the default transform sets matched.
In this case you can change the authentication method by adding the --auth 3 option, which selects RSA signatures instead of the default pre-shared keys.
You can also specify the entire transform set explicitly with the --trans option:
ike-scan -v --trans=1,2,3,1 10.10.10.1

The first figure is the encryption type, the second the hash type, the third the authentication type and the fourth the Diffie-Hellman group.
Tables of possible values and all other information are available in the User's Guide.
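
An added example (not from the original post or the ike-scan project): a Python helper that decodes a --trans tuple into attribute names and audits ike-scan -M output for weak parameters. The numbers are a subset of the IKEv1 values in RFC 2409 Appendix A; the sample output is constructed, and its layout and the weak-parameter policy are assumptions.

```python
import re

# IKEv1 attribute values from RFC 2409 Appendix A, in --trans order
# (encryption, hash, authentication, DH group). Subset only.
TABLES = [
    ("Enc", {1: "DES", 5: "3DES", 7: "AES"}),
    ("Hash", {1: "MD5", 2: "SHA1"}),
    ("Auth", {1: "PSK", 3: "RSA_Sig"}),
    ("Group", {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"}),
]
# Assumed audit policy for this example, not something the post defines.
WEAK = {"Enc": {"DES"}, "Hash": {"MD5"}, "Group": {"1", "2"}}

def describe_trans(spec):
    """Translate a --trans value such as '1,2,3,1' into attribute names."""
    values = [int(v) for v in spec.split(",")]
    if len(values) != 4:
        raise ValueError("expected enc,hash,auth,group")
    return {name: table.get(v, f"unknown({v})")
            for (name, table), v in zip(TABLES, values)}

def audit(output):
    """Map each responder in ike-scan -M output to its status and weak attributes."""
    results, host = {}, None
    for line in output.splitlines():
        if "\t" in line and not line[0].isspace():   # new responder record
            host, _, status = line.partition("\t")
            results[host] = {"status": status, "sa": {}, "weak": []}
        elif host and line.strip().startswith("SA=("):
            sa = dict(re.findall(r"(\w+)=([^\s)]+)", line.strip()[4:]))
            results[host]["sa"] = sa
            for attr, bad in WEAK.items():
                value = sa.get(attr, "").split(":")[0]   # "2:modp1024" -> "2"
                if value in bad:
                    results[host]["weak"].append(f"{attr}={sa[attr]}")
    return results

# Constructed sample, modelled on ike-scan's multiline (-M) output.
SAMPLE = (
    "10.10.10.1\tMain Mode Handshake returned\n"
    "\tHDR=(CKY-R=0123456789abcdef)\n"
    "\tSA=(Enc=DES Hash=MD5 Group=2:modp1024 Auth=PSK LifeType=Seconds LifeDuration=28800)\n"
    "10.10.10.2\tNotify message 14 (NO-PROPOSAL-CHOSEN)\n"
    "\tHDR=(CKY-R=fedcba9876543210)\n"
)

if __name__ == "__main__":
    print(describe_trans("1,2,3,1"), audit(SAMPLE), sep="\n")
```
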

Ping does not work

Today I would like to discuss a banal situation: host A is directly connected to host B, ping from host A to host B does not work. What are...