<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<font size="-1"><font face="Arial">Hi,<br>
<br>
</font></font><font size="-1"><font face="Arial">I am able to
successfully establish a connection with the Netgear FVS318 model using 3DES
and SHA1 in both directions, i.e. with the connection initiated by either peer.<br>
I am even able to </font></font><font size="-1"><font face="Arial">establish
a connection with the Netgear FVS318 model using AES128 and SHA1 when my
server initiates the connection, <br>
but if the Netgear initiates the connection it fails :(<br>
<br>
During debugging I found the following logs:<br>
<br>
Jul 11 10:53:47 1184151227 pluto[5635]: "AESconnection-1" #2: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute. Attribute OAKLEY_KEY_LENGTH<br>
Jul 11 10:53:47 1184151227 pluto[5635]: "AESconnection-1" #2: no acceptable Oakley Transform<br>
Jul 11 10:53:47 1184151227 pluto[5635]: "AESconnection-1" #2: sending notification NO_PROPOSAL_CHOSEN to 165.227.249.120:500<br>
Jul 11 10:54:07 1184151247 pluto[5635]: "AESconnection-1" #3: responding to Main Mode<br>
Jul 11 10:54:07 1184151247 pluto[5635]: "AESconnection-1" #3: OAKLEY_KEY_LENGTH attribute not preceded by OAKLEY_ENCRYPTION_ALGORITHM attribute. Attribute OAKLEY_KEY_LENGTH<br>
Jul 11 10:54:07 1184151247 pluto[5635]: "AESconnection-1" #3: no acceptable Oakley Transform<br>
Jul 11 10:54:07 1184151247 pluto[5635]: "AESconnection-1" #3: sending notification NO_PROPOSAL_CHOSEN to 165.227.249.120:500<br>
<br>
<br>
<br>
When I checked the proposal packet with Ethereal:<br>
Transform number: 0<br>
Transform ID: KEY_IKE (1)<br>
Life-Type (11): Seconds (1)<br>
Life-Duration (12): Duration-Value (28800)<br>
Key-Length (14): Key-Length (128)<br>
Encryption-Algorithm (1): AES-CBC (7)<br>
Hash-Algorithm (2): SHA (2)<br>
Authentication-Method (3): PSK (1)<br>
Group-Description (4): Alternate 1024-bit MODP group
(2)<br>
<br>
<br>
<br>
And from the log for the proposal sent by a device other than Netgear, it is:<br>
<br>
Transform number: 0<br>
Transform ID: KEY_IKE (1)<br>
Encryption-Algorithm (1): AES-CBC (7)<br>
Key-Length (14): Key-Length (128)<br>
Hash-Algorithm (2): SHA (2)<br>
Authentication-Method (3): PSK (1)<br>
Group-Description (4): Alternate 1024-bit MODP group (2)<br>
Life-Type (11): Seconds (1)<br>
Life-Duration (12): Duration-Value (28800)<br>
<br>
<br>
Is it due to the difference in the order of key length and encryption
algorithm?<br>
<br>
Kindly guide me for the same.<br>
<br>
<br>
Regards,<br>
Utkarsh Shah<br>
</font></font><font face="Times New Roman" size="2"><span
style="font-size: 10.5pt;" lang="EN-US"></span></font><br>
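<br>
Added example (not part of the original message and not pluto's code): the two Ethereal decodes above rebuilt as ISAKMP data attributes and run through an order-sensitive check of the kind the log message describes, beside an order-independent one. The function names, the constant names and the encoding of every attribute in the basic (TV) form are assumptions.<br>
<pre>
```python
import struct

# IKEv1 phase 1 attribute types (RFC 2409, Appendix A)
ENC, HASH, AUTH, GROUP, LIFE_TYPE, LIFE_DUR, KEY_LEN = 1, 2, 3, 4, 11, 12, 14
AF_BIT = 0x8000  # set: 2-byte value follows (TV); clear: length + value (TLV)

def encode(attrs):
    """Encode (type, value) pairs as basic (TV) ISAKMP data attributes."""
    return b"".join(struct.pack("!HH", AF_BIT | t, v) for t, v in attrs)

def parse(buf):
    """Decode ISAKMP data attributes (TV and TLV), keeping wire order."""
    out, off = [], 0
    while off != len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated attribute header")
        head, second = struct.unpack_from("!HH", buf, off)
        off += 4
        if head & AF_BIT:                      # TV: second word is the value
            out.append((head & 0x7FFF, second))
        else:                                  # TLV: second word is the length
            if off + second > len(buf):
                raise ValueError("truncated attribute value")
            out.append((head, int.from_bytes(buf[off:off + second], "big")))
            off += second
    return out

def strict_check(attrs):
    """Order-sensitive: KEY_LENGTH is accepted only after ENCRYPTION_ALGORITHM."""
    seen_enc = False
    for attr_type, _ in attrs:
        if attr_type == ENC:
            seen_enc = True
        elif attr_type == KEY_LEN and not seen_enc:
            return "KEY_LENGTH not preceded by ENCRYPTION_ALGORITHM"
    return "ok"

def tolerant_check(attrs):
    """Order-independent: look at the whole attribute set before deciding."""
    types = {t for t, _ in attrs}
    return "ok" if KEY_LEN not in types or ENC in types else "KEY_LENGTH without ENC"

# Constructed from the two decodes in the post: same values, different order.
FIRST = encode([(LIFE_TYPE, 1), (LIFE_DUR, 28800), (KEY_LEN, 128), (ENC, 7),
                (HASH, 2), (AUTH, 1), (GROUP, 2)])
SECOND = encode([(ENC, 7), (KEY_LEN, 128), (HASH, 2), (AUTH, 1), (GROUP, 2),
                 (LIFE_TYPE, 1), (LIFE_DUR, 28800)])
for name, wire in (("first", FIRST), ("second", SECOND)):
    print(name, "|", strict_check(parse(wire)), "|", tolerant_check(parse(wire)))
```
</pre>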
</body>
</html>