<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title></title>
</head>
<body>
<p style="margin: 0px;"><span><span style="font-family: 'Trebuchet MS', Verdana, Helvetica, Arial, sans-serif; font-size: 13px; color: #333333; line-height: 18px; white-space: pre-wrap;">Hello, I am getting this error when I try to bring up IPSec Tunnel... Looking for someone help.. Thanks...</span></span></p>
<span style="color: #333333; font-family: 'Trebuchet MS', Verdana, Helvetica, Arial, sans-serif; font-size: 13px; line-height: 18px; white-space: pre-wrap;">[quote]Starting connection with command /usr/sbin/ipsec auto --up 'paycode-to-vivacom' .. 104 "paycode-to-vivacom" #7: STATE_MAIN_I1: initiate 003 "paycode-to-vivacom" #7: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 003 "paycode-to-vivacom" #7: ignoring Vendor ID payload [FRAGMENTATION c0000000] 106 "paycode-to-vivacom" #7: STATE_MAIN_I2: sent MI2, expecting MR2 003 "paycode-to-vivacom" #7: received Vendor ID payload [Cisco-Unity] 003 "paycode-to-vivacom" #7: received Vendor ID payload [XAUTH] 003 "paycode-to-vivacom" #7: ignoring unknown Vendor ID payload [c5e228ecee81618df6d2cd7eef3b0bb4] 003 "paycode-to-vivacom" #7: ignoring Vendor ID payload [Cisco VPN 3000 Series] 003 "paycode-to-vivacom" #7: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected 108 "paycode-to-vivacom" #7: STATE_MAIN_I3: sent MI3, expecting MR3 010 "paycode-to-vivacom" #7: STATE_MAIN_I3: retransmission; will wait 20s for response 003 "paycode-to-vivacom" #7: discarding duplicate packet; already STATE_MAIN_I3 003 "paycode-to-vivacom" #7: discarding duplicate packet; already STATE_MAIN_I3 003 "paycode-to-vivacom" #7: discarding duplicate packet; already STATE_MAIN_I3 010 "paycode-to-vivacom" #7: STATE_MAIN_I3: retransmission; will wait 40s for response 003 "paycode-to-vivacom" #7: next payload type of ISAKMP Hash Payload has an unknown value: 31 003 "paycode-to-vivacom" #7: malformed payload in packet 031 "paycode-to-vivacom" #7: max number of retransmissions (2) reached STATE_MAIN_I3. Possible authentication failure: no acceptable response to our first encrypted message 000 "paycode-to-vivacom" #7: starting keying attempt 2 of at most 3, but releasing whack[/quote] ipsec.conf [quote]conn paycode-to-vivacom auth=esp authby=secret auto=start esp=3des-168 ike=3des-md5 ikelifetime=8h keyexchange=ike keyingtries=3 keylife=1h left=95.43.208.250 leftid=95.43.208.250 leftnexthop=95.43.208.249 pfs=yes right=212.39.72.21 rightsubnet=10.16.0.0/24 type=tunnel[/quote] [b]PLESE, any help or suggestions will be very appreciated![/b] >>>>>>> [b]Connection Configuration >>>[/b] [url]http://i48.tinypic.com/1823ba.jpg[/url]</span>
<div>
<span style="font-family: 'Trebuchet MS', Verdana, Helvetica, Arial, sans-serif; color: #333333; font-size: 12pt;"><span style="font-size: 13px; line-height: 18px; white-space: pre-wrap;"><br />
</span></span>
</div>
<div>
<span style="font-family: 'Trebuchet MS', Verdana, Helvetica, Arial, sans-serif; color: #333333; font-size: 12pt;"><span style="font-size: 13px; line-height: 18px; white-space: pre-wrap;">The OS is Debian Squeeze</span></span>
</div>
<div>
<span style="font-family: 'Trebuchet MS', Verdana, Helvetica, Arial, sans-serif; color: #333333; font-size: 12pt;"><span style="font-size: 13px; line-height: 18px; white-space: pre-wrap;"><br />
</span></span>
</div>
<div>
<span style="font-family: 'Trebuchet MS', Verdana, Helvetica, Arial, sans-serif; color: #333333; font-size: 12pt;"><span style="font-size: 13px; line-height: 18px; white-space: pre-wrap;"></span></span>
<div>
paycode:~# ipsec verify
</div>
<div>
Checking your system to see if IPsec got installed and started correctly:
</div>
<div>
Version check and ipsec on-path                                 [OK]
</div>
<div>
Linux Openswan U2.6.23/K2.6.32-trunk-686 (netkey)
</div>
<div>
Checking for IPsec support in kernel                            [OK]
</div>
<div>
NETKEY detected, testing for disabled ICMP send_redirects       [OK]
</div>
<div>
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
</div>
<div>
Checking for RSA private key (/etc/ipsec.secrets)               [OK]
</div>
<div>
Checking that pluto is running                                  [OK]
</div>
<div>
Pluto listening for IKE on udp 500                              [OK]
</div>
<div>
Pluto listening for NAT-T on udp 4500                           [OK]
</div>
<div>
Two or more interfaces found, checking IP forwarding            [OK]
</div>
<div>
Checking NAT and MASQUERADEing                                  [OK]
</div>
<div>
Checking for 'ip' command                                       [OK]
</div>
<div>
Checking for 'iptables' command                                 [OK]
</div>
<div>
Opportunistic Encryption Support                                [DISABLED]
</div>
<div>
paycode:~#
</div>
<div>
<br />
</div>
<div>
<br />
</div>
</div>
</body>
</html>