<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7654.12">
<TITLE>RE: [Openswan Users] IPSEC Tunnel To NETASQ</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<P><FONT SIZE=2>Don't mix racoon and openswan.. racoon is part of ipsec-tools which is a different implementation.<BR>
<BR>
Randy<BR>
<BR>
-----Original Message-----<BR>
From: users-bounces@openswan.org on behalf of Luc MAIGNAN<BR>
Sent: Sun 12/19/2010 1:10 PM<BR>
To: Paul Wouters<BR>
Cc: users@openswan.org<BR>
Subject: Re: [Openswan Users] IPSEC Tunnel To NETASQ<BR>
<BR>
Thanks for your answer.<BR>
<BR>
The documentation says that it supports IPSEC.<BR>
<BR>
I can establish phase 1 but not phase 2 :<BR>
<BR>
racoon: INFO: initiate new phase 2 negotiation:<BR>
192.168.50.181[4500]<=>83.206.50.37[4500]<BR>
Dec 17 22:34:59 Fedora-64-2 racoon: INFO: NAT detected -> UDP<BR>
encapsulation (ENC_MODE 2->4).<BR>
Dec 17 22:34:59 Fedora-64-2 racoon: INFO: NAT detected -> UDP<BR>
encapsulation (ENC_MODE 2->4).<BR>
Dec 17 22:35:10 Fedora-64-2 racoon: ERROR: 8x.xxx.xx.xx give up to get<BR>
IPsec-SA due to time up to wait.<BR>
Dec 17 22:35:29 Fedora-64-2 racoon: INFO: IPsec-SA expired: AH/Transport<BR>
8x.xxx.xx.xx[0]->192.168.50.181[0] spi=112387376(0x6b2e530)<BR>
Dec 17 22:35:29 Fedora-64-2 racoon: WARNING: the expire message is<BR>
received but the handler has not been established.<BR>
Dec 17 22:35:29 Fedora-64-2 racoon: INFO: IPsec-SA expired:<BR>
ESP/Transport 8x.xxx.xx.xx[0]->192.168.50.181[0] spi=82003743(0x4e3471f)<BR>
Dec 17 22:35:59 Fedora-64-2 racoon: ERROR: 8x.xxx.xx.xx give up to get<BR>
IPsec-SA due to time up to wait.<BR>
Dec 17 23:33:26 Fedora-64-2 racoon: INFO: ISAKMP-SA expired<BR>
192.168.50.181[4500]-8x.xxx.xx.xx[4500]<BR>
spi:621461833610c445:41dcaae6ade3f6d2<BR>
Dec 17 23:33:27 Fedora-64-2 racoon: INFO: ISAKMP-SA deleted<BR>
192.168.50.181[4500]-8x.xxx.xx.xx[4500]<BR>
spi:621461833610c445:41dcaae6ade3f6d2<BR>
Dec 17 23:33:27 Fedora-64-2 racoon: INFO: KA remove:<BR>
192.168.50.181[4500]->8x.xxx.xx.xx[4500]<BR>
<BR>
<BR>
Has anyone an idea ???<BR>
<BR>
Best regards<BR>
<BR>
Le 19/12/10 21:59, Paul Wouters a écrit :<BR>
> On Sun, 19 Dec 2010, Luc MAIGNAN wrote:<BR>
><BR>
>> I'm running openSwan under Fedora 14 6'bits.<BR>
>><BR>
>> I have to setup an IPSEC Tunnel (Host To Host) from my Fedora box to a<BR>
>> NETASQ F200 router.<BR>
>><BR>
>> I have a lot of errors, so my first question : IS IT POSSIBLE TO SETUP A<BR>
>> SUCH ARCHITECTURE ?<BR>
><BR>
> If the NETASQ F200 router supports IPsec, then yes.<BR>
><BR>
> Paul<BR>
<BR>
_______________________________________________<BR>
Users@openswan.org<BR>
<A HREF="http://lists.openswan.org/mailman/listinfo/users">http://lists.openswan.org/mailman/listinfo/users</A><BR>
Micropayments: <A HREF="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</A><BR>
Building and Integrating Virtual Private Networks with Openswan:<BR>
<A HREF="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</A><BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>