<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.5730.11" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left>
<P><SPAN class=272484717-07122006><FONT size=2>You appear to be using NAT-T so
you will not see ESP frames with tcpdump, you are more likeley to see encap UDP
4500 frames.</FONT></SPAN></P>
<P><SPAN class=272484717-07122006><FONT size=2></FONT></SPAN> </P>
<P><SPAN class=272484717-07122006><FONT size=2>Paul</FONT></SPAN></P></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> users-bounces@openswan.org
[mailto:users-bounces@openswan.org] <B>On Behalf Of </B>Didine<BR><B>Sent:</B>
07 December 2006 17:45<BR><B>To:</B> users@openswan.org<BR><B>Subject:</B>
[Openswan Users] Openswan 2.4.7 and juniper ns208<BR></FONT><BR></DIV>
<DIV></DIV>Hello,<BR>I'm a new user of openswan.<BR>I try to set up a connexion
between openswan (Linux Openswan U2.4.7/K2.6.18-1.2798.fc6 (netkey)) and a
Juniper ns208.<BR>When i try to setup the link i have the folowing messages.
<BR><BR>=====================================================================<BR>[root@lt85
~]# ipsec auto --verbose --up lt85_to_centre<BR>002 "lt85_to_centre" #11:
initiating Main Mode<BR>104 "lt85_to_centre" #11: STATE_MAIN_I1: initiate
<BR>003 "lt85_to_centre" #11: ignoring unknown Vendor ID payload
[166f932d55eb64d8e4df4fd37e2313f0d0fd84510000000000000000]<BR>003
"lt85_to_centre" #11: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 <BR>003 "lt85_to_centre"
#11: received Vendor ID payload [Dead Peer Detection]<BR>003 "lt85_to_centre"
#11: ignoring Vendor ID payload [HeartBeat Notify 386b0100]<BR>002
"lt85_to_centre" #11: enabling possible NAT-traversal with method
draft-ietf-ipsec-nat-t-ike-02/03 <BR>002 "lt85_to_centre" #11: discarding packet
received during asynchronous work (DNS or crypto) in STATE_MAIN_I1<BR>002
"lt85_to_centre" #11: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
<BR>106 "lt85_to_centre" #11: STATE_MAIN_I2: sent MI2, expecting MR2<BR>003
"lt85_to_centre" #11: discarding duplicate packet; already STATE_MAIN_I2<BR>002
"lt85_to_centre" #11: I did not send a certificate because I do not have one.
<BR>003 "lt85_to_centre" #11: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected<BR>002 "lt85_to_centre" #11:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<BR>108
"lt85_to_centre" #11: STATE_MAIN_I3: sent MI3, expecting MR3 <BR>003
"lt85_to_centre" #11: discarding duplicate packet; already STATE_MAIN_I3<BR>002
"lt85_to_centre" #11: Main mode peer ID is ID_IPV4_ADDR: '194.250.x.x'<BR>002
"lt85_to_centre" #11: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
<BR>004 "lt85_to_centre" #11: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}<BR>002 "lt85_to_centre" #12: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#11} <BR>117 "lt85_to_centre" #12:
STATE_QUICK_I1: initiate<BR>002 "lt85_to_centre" #12: transition from state
STATE_QUICK_I1 to state STATE_QUICK_I2<BR>004 "lt85_to_centre" #12:
STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x7593622b
<0x6859dbc5 xfrm=AES_128-HMAC_SHA1 NATD=none DPD=none}
<BR>=====================================================================<BR>IPsec
SA established ?!<BR><BR>A made a test by sending a ping to the
194.250.x.x.<BR>A tcpdump shows the following (no ESP
msg):<BR><BR>=====================================================================
<BR>[root@lt85 ~]# tcpdump host 194.250.x.x<BR>19:48:37.441373 IP lt85.xxx.xxx
> 194.250.x.x : ICMP echo request, id 1024, seq 55960, length
24<BR>=====================================================================<BR><BR>Any
help is appreciated.<BR>Thanks a lot.<BR><BR>-- <BR>Didine <BR>-- <BR>This
message has been scanned for viruses and <BR>dangerous content by <A
href="http://www.mailscanner.info/"></B><B>MailScanner</A>, and is <BR>believed
to be clean. </BODY><br />--
<br />This message has been scanned for viruses and
<br />dangerous content by
<a href="http://www.trusted-management.com/"><b>Trusted Management Limitedf</b></a>, and is
<br />believed to be clean.
</HTML>