Date: Tue, 8 Apr 2008 08:24:42 -0700 (PDT)
From: Mark Busby <redtick@sbcglobal.net>
To: help help <freebsd-questions@freebsd.org>
Subject: ipsec-racoon and a cisco pix 515e
Message-ID: <730653.69491.qm@web81207.mail.mud.yahoo.com>
Having trouble getting my first connection set up. I must use the 3des md5 encryption. This is from the error log.

: DEBUG: hash validated.
: DEBUG: begin.
: DEBUG: seen nptype=8(hash)
: DEBUG: seen nptype=11(notify)
: DEBUG: succeed.
: ERROR: unknown notify message, no phase2 handle found.
: DEBUG: notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=3 spi=0fddcb32(size=4).
: ERROR: 72.164.229.178 give up to get IPsec-SA due to time up to wait.
: DEBUG: an undead schedule has been deleted.
: DEBUG: msg 1 not interesting
: DEBUG: msg 1 not interesting

setkey -D -P

192.168.75.101/0[any] 192.168.1.203/0[any] ip4
        in ipsec
        esp/tunnel/72.164.229.178-75.41.234.82/require
        created: Apr 8 09:59:05 2008  lastused: Apr 8 09:59:05 2008
        lifetime: 0(s) validtime: 0(s)
        spid=16389 seq=1 pid=896
        refcnt=1
192.168.1.203/0[any] 192.168.75.101/0[any] ip4
        out ipsec
        esp/tunnel/75.41.234.82-72.164.229.178/require
        created: Apr 8 09:59:05 2008  lastused: Apr 8 10:09:04 2008
        lifetime: 0(s) validtime: 0(s)
        spid=16388 seq=0 pid=896
        refcnt=1

racoon.conf

path pre_shared_key "/usr/local/etc/racoon/psk.txt";
path certificate "@sysconfdir_x@/cert";
log debug2;

padding
{
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

listen
{
        isakmp 75.41.234.82 [500];
}

timer
{
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per send.
        phase1 30 sec;
        phase2 15 sec;
}

remote 72.164.229.178
{
        exchange_mode aggressive,main,base;
        lifetime time 24 hour;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 12 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}
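
Added example, not part of the original message: a small Python helper that reads racoon debug output for peer notifications, decodes which negotiation phase each one refers to (proto_id values per RFC 2407), and lists the phase 2 parameters offered by the sainfo block so they can be compared line by line with the peer's settings. The function names are hypothetical and the sample input is constructed from the log and racoon.conf quoted above.

```python
import re

# Constructed sample input, copied from the log and racoon.conf in the message above.
LOG = """\
: DEBUG: seen nptype=11(notify)
: ERROR: unknown notify message, no phase2 handle found.
: DEBUG: notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=3 spi=0fddcb32(size=4).
"""
CONF = """\
sainfo anonymous {
    pfs_group 2;
    lifetime time 12 hour ;
    encryption_algorithm 3des ;
    authentication_algorithm hmac_md5 ;
    compression_algorithm deflate ;
}
"""
# RFC 2407 (IPsec DOI) protocol identifiers carried in the notify payload.
PROTO = {1: "ISAKMP", 2: "IPSEC_AH", 3: "IPSEC_ESP", 4: "IPCOMP"}
NOTIFY_RE = re.compile(
    r"notification message (\d+):([A-Z0-9-]+), doi=(\d+) proto_id=(\d+) spi=([0-9a-f]+)")
SAINFO_RE = re.compile(r"sainfo\s+[^{]*\{([^}]*)\}", re.S)
STMT_RE = re.compile(r"^\s*([a-z_]+(?:\s+time)?)\s+([^;#]+?)\s*;", re.M)

def parse_notifications(log):
    """Return one dict per peer notification found in racoon debug output."""
    found = []
    for m in NOTIFY_RE.finditer(log):
        proto = int(m.group(4))
        # proto_id 1 refers to the ISAKMP SA (phase 1); AH, ESP and IPCOMP
        # refer to an IPsec SA being negotiated in phase 2.
        found.append({"type": int(m.group(1)), "name": m.group(2),
                      "proto": PROTO.get(proto, "unknown"),
                      "phase": 1 if proto == 1 else 2, "spi": m.group(5)})
    return found

def sainfo_offer(conf):
    """Return the phase 2 parameters of the first sainfo block as a dict."""
    block = SAINFO_RE.search(conf)
    return dict(STMT_RE.findall(block.group(1))) if block else {}

def phase2_checklist(log, conf):
    """If the peer rejected a phase 2 proposal, return what was offered."""
    rejected = any(n["name"] == "NO-PROPOSAL-CHOSEN" and n["phase"] == 2
                   for n in parse_notifications(log))
    return sainfo_offer(conf) if rejected else {}

if __name__ == "__main__":
    for key, value in phase2_checklist(LOG, CONF).items():
        print(f"compare with peer: {key} = {value}")
```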