[Openswan Users] again with pix

Agent Smith news8080 at yahoo.com
Thu Oct 6 10:45:51 CEST 2005


I've made pix501 (6.3.5) ipsec into a openswan10rc2
box work. can you post your ipsec.conf and pixs
nat/global statements along with isakmp policy
statements.


--- lean <piccololean at yahoo.it> wrote:

> Yestarday everything went well... except from the
> interface ipsec0 that 
> I really don't know how to make.
> However, the SA was creating well.
> Today, it stops here:
> 
> root at lean:~# ipsec auto --up pix
> 104 "pix" #1: STATE_MAIN_I1: initiate
> 003 "pix" #1: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03] 
> method set to=108
> 003 "pix" #1: received Vendor ID payload 
> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but
> already using method 108
> 106 "pix" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> 003 "pix" #1: received Vendor ID payload [XAUTH]
> 003 "pix" #1: received Vendor ID payload [Dead Peer
> Detection]
> 003 "pix" #1: received Vendor ID payload
> [Cisco-Unity]
> 003 "pix" #1: ignoring unknown Vendor ID payload 
> [a2fc967e96b39d6d79fdd6656afcbab5]
> 003 "pix" #1: NAT-Traversal: Result using 
> draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
> 108 "pix" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> 
> but, I swear, the conf are the SAME as yestarday!!!
> It's really absurd
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> 



		
__________________________________ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com


More information about the Users mailing list