<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Ok, thanks - but unfortunately I haven't got access to a watchguard, I'll
ask the person who has..<br>
<br>
<br>
<br>
Paul Wouters wrote:
<blockquote
cite="midPine.LNX.4.63.0607141643200.28145@tla.xelerance.com"
type="cite">
<pre wrap="">On Fri, 14 Jul 2006, Adam Gawda wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: initiating Main
Mode
</pre>
</blockquote>
<pre wrap=""><!---->
ok, so you are letting openswan initiate.
</pre>
<blockquote type="cite">
<pre wrap="">Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: received Vendor
ID payload [draft-ietf-ipsec-nat-t-ike-03]
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: enabling possible
NAT-traversal with method RFC XXXX (NAT-Traversal)
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: transition from
state STATE_MAIN_I1 to state STATE_MAIN_I2
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: I did not send a
certificate because I do not have one.
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: NAT-Traversal:
Result using draft-ietf-ipsec-nat-t-ike-02/03: both are NATed
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: transition from
state STATE_MAIN_I2 to state STATE_MAIN_I3
Jul 14 10:05:08 rt_1 pluto[5447]: | protocol/port in Phase 1 ID Payload
is 17/0. accepted with port_floating NAT-T
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: Peer ID is
ID_IPV4_ADDR: 'x.x.x.x'
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: transition from
state STATE_MAIN_I3 to state STATE_MAIN_I4
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: ISAKMP SA
established
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #2: initiating Quick
Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #2: transition from
state STATE_QUICK_I1 to state STATE_QUICK_I2
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #2: sent QI2, IPsec
SA established {ESP=>0xcb04ae40 <0x0b76643c NATOA=0.0.0.0}
</pre>
</blockquote>
<pre wrap=""><!---->
So the tunnel is up now.
</pre>
<blockquote type="cite">
<pre wrap="">Jul 14 10:49:39 rt_1 pluto[5447]: "alfa-watchguard" #3: initiating Main
Mode to replace #1
--------------------------- from this moment vpn doesn't work
</pre>
</blockquote>
<pre wrap=""><!---->
The rekey should not bring the old tunnel down.
</pre>
<blockquote type="cite">
<pre wrap="">Jul 14 11:02:49 rt_1 pluto[5447]: "alfa-watchguard" #3: max number of
retransmissions (20) reached STATE_MAIN_I1. No response (or no
acceptable response) to our first IKE message
</pre>
</blockquote>
<pre wrap=""><!---->
That's odd. Suddenly the watchguard is not talking to us at all?
Check the logs on the watchguard. Something is wrong there.
Perhaps it has some "dont rekey" option set?
Paul</pre>
</blockquote>
<br>
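Added example, not part of the original message and not Openswan code: a small Python check that unwraps mail-wrapped pluto log lines like those quoted above and reports any rekey ("initiating Main Mode to replace #N") that ran out of retransmissions without an ISAKMP SA being established. The function names and the sample log are constructed for illustration; the line format is assumed to match the lines quoted in this thread.

```python
import re

# Constructed sample, modelled on the pluto lines quoted in this thread
# (wrapped mid-entry, the way the mail client wrapped them above).
SAMPLE_LOG = '''\
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: initiating Main
Mode
Jul 14 10:05:08 rt_1 pluto[5447]: "alfa-watchguard" #1: ISAKMP SA
established
Jul 14 10:49:39 rt_1 pluto[5447]: "alfa-watchguard" #3: initiating Main
Mode to replace #1
Jul 14 11:02:49 rt_1 pluto[5447]: "alfa-watchguard" #3: max number of
retransmissions (20) reached STATE_MAIN_I1. No response (or no
acceptable response) to our first IKE message
'''

STAMP = re.compile(r'^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ')
ENTRY = re.compile(r'^(\w{3} [ \d]\d [\d:]{8}) \S+ pluto\[\d+\]: "([^"]+)" #(\d+): (.*)$')

def unwrap(text):
    """Join continuation lines (no syslog timestamp) onto the previous entry."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += ' ' + line.strip()
    return entries

def failed_rekeys(text):
    """Return rekey attempts that gave up before the new ISAKMP SA came up."""
    pending, failures = {}, []
    for entry in unwrap(text):
        m = ENTRY.match(entry)
        if not m:
            continue  # e.g. "| ..." debug lines without a connection name
        when, conn, sa, msg = m.groups()
        key = (conn, sa)
        r = re.match(r'initiating Main Mode to replace #(\d+)', msg)
        if r:
            pending[key] = {'conn': conn, 'new_sa': sa, 'old_sa': r.group(1), 'started': when}
        elif key in pending and 'ISAKMP SA established' in msg:
            del pending[key]  # rekey completed normally
        elif key in pending and 'max number of retransmissions' in msg:
            state = re.search(r'reached (STATE_\w+)', msg)
            failures.append(dict(pending.pop(key), gave_up=when,
                                 state=state.group(1) if state else None))
    return failures
```

A failure reported in STATE_MAIN_I1 means the peer never answered the first IKE message of the rekey, which is the case where the peer's own logs are the next place to look.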
</body>
</html>