<DIV>Hi Paul, here is the correct log; the previous log was without certificate...</DIV>
<DIV> </DIV>
<DIV>Could you help me out?</DIV>
<DIV> </DIV>
<DIV> 5-10: 09:33:41:154:50c Initialization OK<BR> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: eb100d73-fa1d-4c7d-ab389026b83dac6f 4<BR> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 82b823d7-89a4-45de-bd7c63dff1fc56f1 4<BR> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: a46f5645-eb3e-42fe-92784881ff2c35f6 3<BR> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 7bc8194e-a4b9-44ae-a6fa06ed88ed7d80 3<BR> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 4d95ad4d-b70a-4e18-929362eb9b65934d 1<BR> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 7988f29c-480b-4099-b6a1cad52d2d889f 2<BR> 5-10: 10:00:50:767:50c isadb_schedule_kill_oldPolicy_sas: 2dbafb3b-48ec-41ec-865cd8f9faf3b6d9 2<BR> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 4<BR> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 4<BR> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 3<BR> 5-10:
10:00:50:777:1fc entered kill_old_policy_sas 3<BR> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 1<BR> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 2<BR> 5-10: 10:00:50:777:1fc entered kill_old_policy_sas 2<BR> 5-10: 10:01:07:501:544 Acquire from driver: op=00000006 src=192.168.1.2.0 dst=192.168.2.234.0 proto = 0, SrcMask=255.255.255.255, DstMask=255.255.255.0, Tunnel 1, TunnelEndpt=202.149.x.x Inbound TunnelEndpt=192.168.1.2<BR> 5-10: 10:01:07:511:1fc Filter to match: Src 202.149.x.x Dst 192.168.1.2<BR> 5-10: 10:01:07:551:1fc MM PolicyName: 2<BR> 5-10: 10:01:07:551:1fc MMPolicy dwFlags 2 SoftSAExpireTime 28800<BR> 5-10: 10:01:07:551:1fc MMOffer[0] LifetimeSec 28800 QMLimit 1 DHGroup 2<BR> 5-10: 10:01:07:561:1fc MMOffer[0] Encrypt: Triple DES CBC Hash: SHA<BR> 5-10: 10:01:07:561:1fc MMOffer[1] LifetimeSec 28800 QMLimit 1 DHGroup 2<BR> 5-10: 10:01:07:561:1fc MMOffer[1] Encrypt: Triple DES CBC Hash: MD5<BR> 
5-10:
10:01:07:561:1fc MMOffer[2] LifetimeSec 28800 QMLimit 1 DHGroup 1<BR> 5-10: 10:01:07:561:1fc MMOffer[2] Encrypt: DES CBC Hash: SHA<BR> 5-10: 10:01:07:561:1fc MMOffer[3] LifetimeSec 28800 QMLimit 1 DHGroup 1<BR> 5-10: 10:01:07:561:1fc MMOffer[3] Encrypt: DES CBC Hash: MD5<BR> 5-10: 10:01:07:571:1fc Auth[0]:RSA Sig C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, <A href="mailto:E=deepak@netcore.co.in">E=deepak@netcore.co.in</A> AuthFlags 0<BR> 5-10: 10:01:07:571:1fc QM PolicyName: Host-roadwarrior filter action dwFlags 1<BR> 5-10: 10:01:07:571:1fc QMOffer[0] LifetimeKBytes 50000 LifetimeSec 3600<BR> 5-10: 10:01:07:571:1fc QMOffer[0] dwFlags 0 dwPFSGroup -2147483648<BR> 5-10: 10:01:07:571:1fc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5<BR> 5-10: 10:01:07:571:1fc Starting Negotiation: src = 192.168.1.2.0500, dst = 202.149.x.x.0500, proto = 00, context = 00000006, ProxySrc = 192.168.1.2.0000, ProxyDst =
192.168.2.0.0000 SrcMask = 255.255.255.255 DstMask = 255.255.255.0<BR> 5-10: 10:01:07:571:1fc constructing ISAKMP Header<BR> 5-10: 10:01:07:571:1fc constructing SA (ISAKMP)<BR> 5-10: 10:01:07:571:1fc Constructing Vendor MS NT5 ISAKMPOAKLEY<BR> 5-10: 10:01:07:581:1fc Constructing Vendor FRAGMENTATION<BR> 5-10: 10:01:07:581:1fc Constructing Vendor draft-ietf-ipsec-nat-t-ike-02<BR> 5-10: 10:01:07:581:1fc Constructing Vendor Vid-Initial-Contact<BR> 5-10: 10:01:07:581:1fc <BR> 5-10: 10:01:07:581:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.500<BR> 5-10: 10:01:07:581:1fc ISAKMP Header: (V1.0), len = 276<BR> 5-10: 10:01:07:581:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:07:581:1fc R-COOKIE 0000000000000000<BR> 5-10: 10:01:07:581:1fc exchange: Oakley Main Mode<BR> 5-10: 10:01:07:581:1fc flags: 0<BR> 5-10: 10:01:07:581:1fc next payload: SA<BR> 
5-10:
10:01:07:581:1fc message ID: 00000000<BR> 5-10: 10:01:07:581:1fc Ports S:f401 D:f401<BR> 5-10: 10:01:07:651:1fc <BR> 5-10: 10:01:07:651:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.500<BR> 5-10: 10:01:07:651:1fc ISAKMP Header: (V1.0), len = 140<BR> 5-10: 10:01:07:651:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:07:651:1fc R-COOKIE 6224079e5ef73641<BR> 5-10: 10:01:07:651:1fc exchange: Oakley Main Mode<BR> 5-10: 10:01:07:651:1fc flags: 0<BR> 5-10: 10:01:07:651:1fc next payload: SA<BR> 5-10: 10:01:07:651:1fc message ID: 00000000<BR> 5-10: 10:01:07:651:1fc processing payload SA<BR> 5-10: 10:01:07:651:1fc Received Phase 1 Transform 1<BR> 5-10: 10:01:07:651:1fc Encryption Alg Triple DES CBC(5)<BR> 5-10: 10:01:07:651:1fc Hash Alg SHA(2)<BR> 5-10:
10:01:07:651:1fc Oakley Group 2<BR> 5-10: 10:01:07:651:1fc Auth Method RSA Signature with Certificates(3)<BR> 5-10: 10:01:07:651:1fc Life type in Seconds<BR> 5-10: 10:01:07:651:1fc Life duration of 28800<BR> 5-10: 10:01:07:651:1fc Phase 1 SA accepted: transform=1<BR> 5-10: 10:01:07:651:1fc SA - Oakley proposal accepted<BR> 5-10: 10:01:07:651:1fc processing payload VENDOR ID<BR> 5-10: 10:01:07:651:1fc processing payload VENDOR ID<BR> 5-10: 10:01:07:651:1fc processing payload VENDOR ID<BR> 5-10: 10:01:07:651:1fc Received VendorId draft-ietf-ipsec-nat-t-ike-02<BR> 5-10: 10:01:07:651:1fc ClearFragList<BR> 5-10: 10:01:07:651:1fc constructing ISAKMP Header<BR> 5-10: 10:01:07:722:1fc constructing KE<BR> 5-10: 10:01:07:722:1fc constructing NONCE (ISAKMP)<BR> 5-10: 10:01:07:722:1fc Constructing
NatDisc<BR> 5-10: 10:01:07:722:1fc <BR> 5-10: 10:01:07:722:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.500<BR> 5-10: 10:01:07:722:1fc ISAKMP Header: (V1.0), len = 232<BR> 5-10: 10:01:07:722:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:07:722:1fc R-COOKIE 6224079e5ef73641<BR> 5-10: 10:01:07:722:1fc exchange: Oakley Main Mode<BR> 5-10: 10:01:07:722:1fc flags: 0<BR> 5-10: 10:01:07:722:1fc next payload: KE<BR> 5-10: 10:01:07:722:1fc message ID: 00000000<BR> 5-10: 10:01:07:722:1fc Ports S:f401 D:f401<BR> 5-10: 10:01:07:802:1fc <BR> 5-10: 10:01:07:802:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.500<BR> 5-10: 10:01:07:802:1fc ISAKMP Header: (V1.0), len = 228<BR> 5-10: 10:01:07:802:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:07:802:1fc R-COOKIE 6224079e5ef73641<BR> 5-10: 10:01:07:802:1fc 
exchange: Oakley Main Mode<BR> 5-10: 10:01:07:802:1fc flags: 0<BR> 5-10: 10:01:07:802:1fc next payload: KE<BR> 5-10: 10:01:07:802:1fc message ID: 00000000<BR> 5-10: 10:01:07:802:1fc processing payload KE<BR> 5-10: 10:01:07:822:1fc processing payload NONCE<BR> 5-10: 10:01:07:822:1fc processing payload NATDISC<BR> 5-10: 10:01:07:822:1fc Processing NatHash<BR> 5-10: 10:01:07:822:1fc Nat hash 564683fd234d3238ad2b3e6c2814c4c9<BR> 5-10: 10:01:07:822:1fc 83193bec<BR> 5-10: 10:01:07:822:1fc SA StateMask2 1f<BR> 5-10: 10:01:07:822:1fc processing payload NATDISC<BR> 5-10: 10:01:07:822:1fc Processing NatHash<BR> 5-10: 10:01:07:822:1fc Nat hash f0f0334fcc4e26cd19259ea4703e573c<BR> 5-10: 10:01:07:822:1fc 2eee1a02<BR> 5-10: 10:01:07:822:1fc SA StateMask2 5f<BR> 5-10: 10:01:07:822:1fc ClearFragList<BR> 5-10: 10:01:07:822:1fc Peer behind NAT<BR> 5-10: 10:01:07:822:1fc
Floated Ports Orig Me:f401 Peer:f401<BR> 5-10: 10:01:07:822:1fc Floated Ports Me:9411 Peer:9411<BR> 5-10: 10:01:07:822:1fc constructing ISAKMP Header<BR> 5-10: 10:01:07:822:1fc constructing ID<BR> 5-10: 10:01:07:822:1fc Received no valid CRPs. Using all configured<BR> 5-10: 10:01:07:822:1fc Looking for IPSec only cert<BR> 5-10: 10:01:07:882:1fc Cert Trustes. 0 100<BR> 5-10: 10:01:07:882:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d<BR> 5-10: 10:01:07:882:1fc f0a8d89b<BR> 5-10: 10:01:07:882:1fc CertFindExtenstion failed with 0<BR> 5-10: 10:01:07:882:1fc Entered CRL check<BR> 5-10: 10:01:07:922:1fc Left CRL check<BR> 5-10: 10:01:07:922:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d<BR> 5-10: 10:01:07:922:1fc f0a8d89b<BR> 5-10: 10:01:07:922:1fc SubjectName: C=IN, S=Meghalay, L=Sikkim, O=Deepaks Legacy, OU=ME, CN=Legacy, <A
href="mailto:E=deepakslegacy@legacy.com">E=deepakslegacy@legacy.com</A><BR> 5-10: 10:01:07:922:1fc Cert Serialnumber 03<BR> 5-10: 10:01:07:922:1fc Cert SHA Thumbprint 0b065a2e45250192b3ea7c76a8ce330d<BR> 5-10: 10:01:07:922:1fc f0a8d89b<BR> 5-10: 10:01:07:922:1fc SubjectName: C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, <A href="mailto:E=deepak@netcore.co.in">E=deepak@netcore.co.in</A><BR> 5-10: 10:01:07:922:1fc Cert Serialnumber 00<BR> 5-10: 10:01:07:922:1fc Cert SHA Thumbprint f3f1c1a74b834a64ae9f25a3b255c772<BR> 5-10: 10:01:07:922:1fc 6ec58cb4<BR> 5-10: 10:01:07:922:1fc Not storing My cert chain in SA.<BR> 5-10: 10:01:07:932:1fc MM ID Type 9<BR> 5-10: 10:01:07:932:1fc MM ID 308191310b300906035504061302494e<BR> 5-10: 10:01:07:932:1fc 3111300f060355040813084d65676861<BR> 5-10: 10:01:07:932:1fc 6c6179310f300d060355040713065369<BR> 5-10: 10:01:07:932:1fc 6b6b696d31173015060355040a130e44<BR> 5-10:
10:01:07:932:1fc 656570616b73204c6567616379310b30<BR> 5-10: 10:01:07:932:1fc 09060355040b13024d45310f300d0603<BR> 5-10: 10:01:07:932:1fc 55040313064c65676163793127302506<BR> 5-10: 10:01:07:932:1fc 092a864886f70d010901161864656570<BR> 5-10: 10:01:07:932:1fc 616b736c6567616379406c6567616379<BR> 5-10: 10:01:07:932:1fc 2e636f6d<BR> 5-10: 10:01:07:932:1fc constructing CERT<BR> 5-10: 10:01:07:932:1fc Construct SIG<BR> 5-10: 10:01:07:942:1fc Constructing Cert Request<BR> 5-10: 10:01:07:942:1fc C=IN, S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, <A href="mailto:E=deepak@netcore.co.in">E=deepak@netcore.co.in</A><BR> 5-10: 10:01:07:942:1fc <BR> 5-10: 10:01:07:942:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 2.4500<BR> 5-10: 10:01:07:942:1fc ISAKMP Header: (V1.0), len = 1412<BR> 5-10: 10:01:07:942:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:07:942:1fc R-COOKIE
6224079e5ef73641<BR> 5-10: 10:01:07:942:1fc exchange: Oakley Main Mode<BR> 5-10: 10:01:07:942:1fc flags: 1 ( encrypted )<BR> 5-10: 10:01:07:942:1fc next payload: ID<BR> 5-10: 10:01:07:942:1fc message ID: 00000000<BR> 5-10: 10:01:07:942:1fc Ports S:9411 D:9411<BR> 5-10: 10:01:08:152:1fc <BR> 5-10: 10:01:08:152:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500<BR> 5-10: 10:01:08:152:1fc ISAKMP Header: (V1.0), len = 1268<BR> 5-10: 10:01:08:152:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:08:152:1fc R-COOKIE 6224079e5ef73641<BR> 5-10: 10:01:08:152:1fc exchange: Oakley Main Mode<BR> 5-10: 10:01:08:152:1fc flags: 1 ( encrypted )<BR> 5-10: 10:01:08:152:1fc next payload: ID<BR> 5-10: 10:01:08:152:1fc message ID: 00000000<BR> 5-10: 10:01:08:152:1fc processing payload ID<BR> 5-10:
10:01:08:152:1fc processing payload CERT<BR> 5-10: 10:01:08:152:1fc processing payload SIG<BR> 5-10: 10:01:08:152:1fc Verifying CertStore<BR> 5-10: 10:01:08:152:1fc SubjectName: C=IN, S=Kashmir, L=Baltal, O=Mission Kashmir, OU=AR, CN=Indian, <A href="mailto:E=missionkashmir@kashmir.com">E=missionkashmir@kashmir.com</A><BR> 5-10: 10:01:08:152:1fc Cert Serialnumber 02<BR> 5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333<BR> 5-10: 10:01:08:152:1fc f8c38549<BR> 5-10: 10:01:08:152:1fc Cert Trustes. 0 100<BR> 5-10: 10:01:08:152:1fc SubjectName: C=IN, S=Kashmir, L=Baltal, O=Mission Kashmir, OU=AR, CN=Indian, <A href="mailto:E=missionkashmir@kashmir.com">E=missionkashmir@kashmir.com</A><BR> 5-10: 10:01:08:152:1fc Cert Serialnumber 02<BR> 5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333<BR> 5-10: 10:01:08:152:1fc f8c38549<BR> 5-10: 10:01:08:152:1fc SubjectName: C=IN,
S=Maharashtra, L=Mumbai, O=Netcore, OU=IT, CN=Deepak, <A href="mailto:E=deepak@netcore.co.in">E=deepak@netcore.co.in</A><BR> 5-10: 10:01:08:152:1fc Cert Serialnumber 00<BR> 5-10: 10:01:08:152:1fc Cert SHA Thumbprint f3f1c1a74b834a64ae9f25a3b255c772<BR> 5-10: 10:01:08:152:1fc 6ec58cb4<BR> 5-10: 10:01:08:152:1fc Not storing Peer's cert chain in SA.<BR> 5-10: 10:01:08:152:1fc Cert SHA Thumbprint 328df338e57b87d9d5a5a26279174333<BR> 5-10: 10:01:08:152:1fc f8c38549<BR> 5-10: 10:01:08:152:1fc Entered CRL check<BR> 5-10: 10:01:08:152:1fc Left CRL check<BR> 5-10: 10:01:08:152:1fc CertFindExtenstion failed with 0<BR> 5-10: 10:01:08:152:1fc Signature validated<BR> 5-10: 10:01:08:152:1fc ClearFragList<BR> 5-10: 10:01:08:152:1fc MM established. SA: 000E20C8<BR> 5-10: 10:01:08:192:1fc QM PolicyName: Host-roadwarrior filter action dwFlags 1<BR> 5-10: 10:01:08:192:1fc QMOffer[0] LifetimeKBytes 50000 LifetimeSec
3600<BR> 5-10: 10:01:08:192:1fc QMOffer[0] dwFlags 0 dwPFSGroup -2147483648<BR> 5-10: 10:01:08:192:1fc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5<BR> 5-10: 10:01:08:192:1fc GetSpi: src = 192.168.2.0.0000, dst = 192.168.1.2.0000, proto = 00, context = 00000006, srcMask = 255.255.255.0, destMask = 255.255.255.255, TunnelFilter 1<BR> 5-10: 10:01:08:192:1fc Setting SPI 187970139<BR> 5-10: 10:01:08:192:1fc constructing ISAKMP Header<BR> 5-10: 10:01:08:192:1fc constructing HASH (null)<BR> 5-10: 10:01:08:192:1fc constructing SA (IPSEC)<BR> 5-10: 10:01:08:192:1fc constructing QM KE<BR> 5-10: 10:01:08:262:1fc constructing NONCE (IPSEC)<BR> 5-10: 10:01:08:262:1fc constructing ID (proxy)<BR> 5-10: 10:01:08:262:1fc constructing ID (proxy)<BR> 5-10: 10:01:08:262:1fc constructing HASH (QM)<BR> 5-10: 10:01:08:262:1fc <BR> 5-10: 10:01:08:262:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type
2.4500<BR> 5-10: 10:01:08:262:1fc ISAKMP Header: (V1.0), len = 308<BR> 5-10: 10:01:08:262:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:08:262:1fc R-COOKIE 6224079e5ef73641<BR> 5-10: 10:01:08:262:1fc exchange: Oakley Quick Mode<BR> 5-10: 10:01:08:262:1fc flags: 1 ( encrypted )<BR> 5-10: 10:01:08:262:1fc next payload: HASH<BR> 5-10: 10:01:08:262:1fc message ID: 3ac65429<BR> 5-10: 10:01:08:262:1fc Ports S:9411 D:9411<BR> 5-10: 10:01:08:473:1fc <BR> 5-10: 10:01:08:473:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500<BR> 5-10: 10:01:08:473:1fc ISAKMP Header: (V1.0), len = 300<BR> 5-10: 10:01:08:473:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:08:473:1fc R-COOKIE 6224079e5ef73641<BR> 5-10: 10:01:08:473:1fc exchange: Oakley Quick Mode<BR> 5-10: 10:01:08:473:1fc flags: 1 ( encrypted
)<BR> 5-10: 10:01:08:473:1fc next payload: HASH<BR> 5-10: 10:01:08:473:1fc message ID: 3ac65429<BR> 5-10: 10:01:08:473:1fc Received commit re-send<BR> 5-10: 10:01:08:473:1fc processing HASH (QM)<BR> 5-10: 10:01:08:473:1fc ClearFragList<BR> 5-10: 10:01:08:473:1fc processing payload NONCE<BR> 5-10: 10:01:08:473:1fc processing payload KE<BR> 5-10: 10:01:08:473:1fc Quick Mode KE processed; Saved KE data<BR> 5-10: 10:01:08:473:1fc processing payload ID<BR> 5-10: 10:01:08:473:1fc processing payload ID<BR> 5-10: 10:01:08:473:1fc processing payload SA<BR> 5-10: 10:01:08:473:1fc Negotiated Proxy ID: Src 192.168.1.2.0 Dst 192.168.2.0.0<BR> 5-10: 10:01:08:473:1fc Dst id for subnet. Mask 255.255.255.0<BR> 5-10: 10:01:08:473:1fc Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0<BR> 5-10: 10:01:08:473:1fc Checking Transform # 1: ID=Triple DES CBC(3)<BR> 5-10: 10:01:08:473:1fc
SA life type in seconds<BR> 5-10: 10:01:08:473:1fc SA life duration 00000e10<BR> 5-10: 10:01:08:473:1fc SA life type in kilobytes<BR> 5-10: 10:01:08:473:1fc SA life duration 0000c350<BR> 5-10: 10:01:08:473:1fc tunnel mode is 61443(61443)<BR> 5-10: 10:01:08:473:1fc HMAC algorithm is MD5(1)<BR> 5-10: 10:01:08:473:1fc group description for PFS is 2<BR> 5-10: 10:01:08:473:1fc Phase 2 SA accepted: proposal=1 transform=1<BR> 5-10: 10:01:08:503:1fc constructing ISAKMP Header<BR> 5-10: 10:01:08:503:1fc constructing HASH (QM)<BR> 5-10: 10:01:08:503:1fc Adding QMs: src = 192.168.1.2.0000, dst = 192.168.2.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.1.2, peer tunnel = 202.149.x.x, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 381 Direction 2 EncapType 3<BR> 5-10: 10:01:08:503:1fc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC:
MD5<BR> 5-10: 10:01:08:503:1fc Algo[0] MySpi: 187970139 PeerSpi: 2342575122<BR> 5-10: 10:01:08:503:1fc Encap Ports Src 4500 Dst 4500<BR> 5-10: 10:01:08:503:1fc Skipping Outbound SA add<BR> 5-10: 10:01:08:503:1fc Adding QMs: src = 192.168.1.2.0000, dst = 192.168.2.0.0000, proto = 00, context = 00000006, my tunnel = 192.168.1.2, peer tunnel = 202.149.x.x, SrcMask = 0.0.0.0, DestMask = 255.255.255.0 Lifetime = 3600 LifetimeKBytes 50000 dwFlags 381 Direction 3 EncapType 3<BR> 5-10: 10:01:08:503:1fc Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5<BR> 5-10: 10:01:08:503:1fc Algo[0] MySpi: 187970139 PeerSpi: 2342575122<BR> 5-10: 10:01:08:503:1fc Encap Ports Src 4500 Dst 4500<BR> 5-10: 10:01:08:503:1fc Skipping Inbound SA add<BR> 5-10: 10:01:08:503:1fc Leaving adjust_peer_list entry 0012A418 MMCount 0 QMCount 1<BR> 5-10: 10:01:08:513:1fc isadb_set_status sa:000E20C8 centry:000E97E8 status 0<BR> 5-10:
10:01:08:513:1fc <BR> 5-10: 10:01:08:513:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500<BR> 5-10: 10:01:08:513:1fc ISAKMP Header: (V1.0), len = 52<BR> 5-10: 10:01:08:513:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:08:513:1fc R-COOKIE 6224079e5ef73641<BR> 5-10: 10:01:08:513:1fc exchange: Oakley Quick Mode<BR> 5-10: 10:01:08:513:1fc flags: 1 ( encrypted )<BR> 5-10: 10:01:08:513:1fc next payload: HASH<BR> 5-10: 10:01:08:513:1fc message ID: 3ac65429<BR> 5-10: 10:01:08:513:1fc Ports S:9411 D:9411<BR> 5-10: 10:01:18:627:1fc <BR> 5-10: 10:01:18:627:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500<BR> 5-10: 10:01:18:627:1fc ISAKMP Header: (V1.0), len = 300<BR> 5-10: 10:01:18:627:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:18:627:1fc R-COOKIE 6224079e5ef73641<BR> 5-10: 10:01:18:627:1fc
exchange: Oakley Quick Mode<BR> 5-10: 10:01:18:627:1fc flags: 1 ( encrypted )<BR> 5-10: 10:01:18:627:1fc next payload: HASH<BR> 5-10: 10:01:18:627:1fc message ID: 3ac65429<BR> 5-10: 10:01:18:627:1fc Received commit re-send<BR> 5-10: 10:01:18:627:1fc invalid payload received<BR> 5-10: 10:01:18:627:1fc Resending last payload<BR> 5-10: 10:01:18:627:1fc <BR> 5-10: 10:01:18:627:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500<BR> 5-10: 10:01:18:627:1fc ISAKMP Header: (V1.0), len = 52<BR> 5-10: 10:01:18:627:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:18:627:1fc R-COOKIE 6224079e5ef73641<BR> 5-10: 10:01:18:627:1fc exchange: Oakley Quick Mode<BR> 5-10: 10:01:18:627:1fc flags: 1 ( encrypted )<BR> 5-10: 10:01:18:627:1fc next payload: HASH<BR> 5-10: 10:01:18:627:1fc message ID: 3ac65429<BR> 5-10:
10:01:18:627:1fc Ports S:9411 D:9411<BR> 5-10: 10:01:18:627:1fc GetPacket failed 3613<BR> 5-10: 10:01:38:746:1fc <BR> 5-10: 10:01:38:746:1fc Receive: (get) SA = 0x000e20c8 from 202.149.x.x.4500<BR> 5-10: 10:01:38:746:1fc ISAKMP Header: (V1.0), len = 300<BR> 5-10: 10:01:38:746:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:38:746:1fc R-COOKIE 6224079e5ef73641<BR> 5-10: 10:01:38:746:1fc exchange: Oakley Quick Mode<BR> 5-10: 10:01:38:746:1fc flags: 1 ( encrypted )<BR> 5-10: 10:01:38:746:1fc next payload: HASH<BR> 5-10: 10:01:38:746:1fc message ID: 3ac65429<BR> 5-10: 10:01:38:746:1fc Received commit re-send<BR> 5-10: 10:01:38:746:1fc invalid payload received<BR> 5-10: 10:01:38:746:1fc Resending last payload<BR> 5-10: 10:01:38:746:1fc <BR> 5-10: 10:01:38:746:1fc Sending: SA = 0x000E20C8 to 202.149.x.x:Type 4.4500<BR> 5-10: 10:01:38:746:1fc
ISAKMP Header: (V1.0), len = 52<BR> 5-10: 10:01:38:746:1fc I-COOKIE bf4f1da6649c761f<BR> 5-10: 10:01:38:746:1fc R-COOKIE 6224079e5ef73641<BR> 5-10: 10:01:38:746:1fc exchange: Oakley Quick Mode<BR> 5-10: 10:01:38:746:1fc flags: 1 ( encrypted )<BR> 5-10: 10:01:38:746:1fc next payload: HASH<BR> 5-10: 10:01:38:746:1fc message ID: 3ac65429<BR> 5-10: 10:01:38:746:1fc Ports S:9411 D:9411<BR> 5-10: 10:01:38:746:1fc GetPacket failed 3613<BR><BR><BR><B><I>Paul Wouters &lt;paul@xelerance.com&gt;</I></B> wrote:
<BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">On Mon, 9 May 2005, Deepak Naidu wrote:<BR><BR>> C:\ipsec>ping 192.168.2.234<BR>> Pinging 192.168.2.234 with 32 bytes of data:<BR>> Negotiating IP Security.<BR>> Request timed out.<BR>> Request timed out.<BR>> Request timed out.<BR>> Ping statistics for 192.168.2.234:<BR>> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),<BR><BR>Check the oakley.log to see what Windows thinks is happening. And<BR>check the openswan logs to see what it is saying. Though likely,<BR>if this is a windows misconfiguration, openswan will just log<BR>"no response to....." entries.<BR><BR>See the wiki on how to enable oakley.log on windows.<BR><BR>Paul<BR><BR>><BR>> Deepak Naidu &lt;DEEPAK_NAI@YAHOO.COM&gt; wrote:<BR>> Hi,<BR>><BR>> I am using Openswan 2.3.1 VPN server on FC3<BR>> 2.6.9smp kernel. It is behind a NAT and I have natted<BR>> ports 4500, and 500. The
issue is when using<BR>> l2tpd+x509cert from Winxp with VPN dialer is working<BR>> fine. But when using Mullers' ipsec.exe tool, with<BR>> the below configs in the ipsec.conf of Winxp pc.... I<BR>> am unable to ping my network.. It doesn't even give<BR>> negotiating message, but host unreachable....<BR>><BR>> Should I have to write some more firewall rules to<BR>> open the ports in my NAT.<BR>><BR>> I have SP2 with support tools and ipseccmd.exe file..<BR>><BR>> Winxp is a roadwarrior on dialup...<BR>><BR>> Please advise me...<BR>><BR>> Ipsec.conf on Winxp...<BR>><BR>> conn roadwarrior<BR>> pfs=yes<BR>> left=%any<BR>> right=202.x.x.x<BR>> rightsubnet=192.168.2.0/24<BR>> rightca="C=IN, S=state, L=location, O=company,<BR>> OU=IT, CN=name, E=name@company.com"<BR>> network=auto<BR>> auto=start<BR>><BR>><BR>> Regards,<BR>> Deepak.<BR>><BR>><BR>><BR>>
_______________________________________________<BR>> Users mailing list<BR>> Users@openswan.org<BR>> http://lists.openswan.org/mailman/listinfo/users<BR></BLOCKQUOTE></DIV><BR><BR><DIV>
<DIV>
<P><FONT face="times new roman" color=#40a0ff size=5><FONT color=#ff8080><FONT size=4><IMG style="WIDTH: 43px; HEIGHT: 36px" height=272 src="http://prometeo.lett.unisi.it/linux/linux-logo.gif" width=308><STRONG>Linux your Life,</STRONG></FONT></FONT><STRONG><FONT size=4> Don't Window it [[]]</FONT></STRONG> </FONT></P>
<P><FONT face="Times New Roman" color=#40a0ff size=1> <FONT color=#8b8b8b> <FONT size=2><STRONG>{ All for the best }</STRONG></FONT></FONT></FONT></P></DIV></DIV>
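<P>Added example, not part of the original post or of Openswan: a small Python triage of an oakley.log like the one above, which lists the Main Mode offers, counts the milestones and re-sends, and names how far the negotiation got. The function names, the stage labels and the rule for what counts as a weak offer are this example's own assumptions.</P>

```python
import re
from collections import Counter

# Lines copied (abridged) from the oakley.log in this post, HTML markup removed.
SAMPLE = """\
 5-10: 10:01:07:551:1fc MMOffer[0] LifetimeSec 28800 QMLimit 1 DHGroup 2
 5-10: 10:01:07:561:1fc MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
 5-10: 10:01:07:561:1fc MMOffer[1] LifetimeSec 28800 QMLimit 1 DHGroup 2
 5-10: 10:01:07:561:1fc MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
 5-10: 10:01:07:561:1fc MMOffer[2] LifetimeSec 28800 QMLimit 1 DHGroup 1
 5-10: 10:01:07:561:1fc MMOffer[2] Encrypt: DES CBC Hash: SHA
 5-10: 10:01:07:822:1fc Peer behind NAT
 5-10: 10:01:08:152:1fc MM established. SA: 000E20C8
 5-10: 10:01:08:473:1fc Received commit re-send
 5-10: 10:01:08:473:1fc Phase 2 SA accepted: proposal=1 transform=1
 5-10: 10:01:18:627:1fc Received commit re-send
 5-10: 10:01:18:627:1fc invalid payload received
 5-10: 10:01:38:746:1fc Received commit re-send
 5-10: 10:01:38:746:1fc invalid payload received
"""

LINE = re.compile(r"^\s*\d+-\d+:\s+(\d+:\d+:\d+):\d+:[0-9a-f]+\s?(.*)$")
DH = re.compile(r"MMOffer\[(\d+)\].*DHGroup (\d+)")
ENC = re.compile(r"MMOffer\[(\d+)\] Encrypt: (.+?) Hash: (\w+)")
# Log text -> counter name (the names are this example's own).
EVENTS = {
    "Peer behind NAT": "nat_detected",
    "MM established": "main_mode_up",
    "Phase 2 SA accepted": "quick_mode_accepted",
    "Received commit re-send": "peer_resend",
    "invalid payload received": "invalid_payload",
}

def summarize(text):
    """Return (main-mode offers, event counts, times of peer re-sends)."""
    offers, events, resends = {}, Counter(), []
    for raw in text.splitlines():
        if not (m := LINE.match(raw)):
            continue
        clock, msg = m.groups()
        if d := DH.search(msg):
            offers.setdefault(int(d[1]), {})["dh"] = int(d[2])
        elif e := ENC.search(msg):
            offers.setdefault(int(e[1]), {}).update(enc=e[2], hash=e[3])
        for marker, name in EVENTS.items():
            if msg.startswith(marker):
                events[name] += 1
                if name == "peer_resend":
                    resends.append(clock)
    return offers, events, resends

def weak_offers(offers):
    """Flag offers using single DES, MD5 or DH group 1 (this example's rule)."""
    flagged = {}
    for idx, o in sorted(offers.items()):
        checks = (("single DES", o.get("enc") == "DES CBC"),
                  ("MD5", o.get("hash") == "MD5"),
                  ("DH group 1", o.get("dh") == 1))
        if why := [label for label, hit in checks if hit]:
            flagged[idx] = why
    return flagged

def stage(ev):
    """Name how far the negotiation got, from the counted events."""
    if not ev["main_mode_up"]:
        return "phase1-incomplete"
    if not ev["quick_mode_accepted"]:
        return "phase2-incomplete"
    return "peer-still-resending" if ev["invalid_payload"] else "established"
```

<P>On the sample lines, stage(summarize(SAMPLE)[1]) returns "peer-still-resending": both phases were accepted on the Windows side, so the Openswan log on the peer is the next place to look.</P>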