[Openswan Users] a question regarding the IKE.
Shi Lang
shilang at greenpacket.com
Wed Jan 18 09:17:09 CET 2006
Hi all,
I have a question regarding the IKE.
Topology:
VPN1 ------ VPN2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Case 1:
VPN1: IKE algorithem: 3DES_CBC-MD5-MODP2048, 3DES_CBC-SHA1-MODP8129,
AES_CBC-SHA1-MODP1536
VPN2: IKE algorithem: 3DES_CBC-MD5-MODP2048, 3DES_CBC-SHA1-MODP8129,
AES_CBC-SHA1-MODP1536
Case 2:
VPN1: IKE algorithem: 3DES_CBC-MD5-MODP2048, 3DES_CBC-SHA1-MODP8129,
AES_CBC-SHA1-MODP1536
VPN2: IKE algorithem: 3DES_CBC-SHA1-MODP8129
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Results:
Case 1: IKE SA and IPSEC SA are established successfully.
Case 2: (1). if VPN1 as a initiator, MAIN MODE M1 (policy negotiate fail).
(2). if vpn2 as a initiator, established successfully.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My question is why this happen, this is a design issue, or my own
mis-configuration? no clues+headache.
Hope to get advice from you.
Thanks very much.
Regards,
Shi Lang
Quality Assurance Engineer
GreenPacket Bhd
www.greenpacket.com <http://www.greenpacket.com/>
Tel: 006-03-89966022 ext: 105
E-mail: <mailto:shilang at greenpacket.com> shilang at greenpacket.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20060118/e9a1fab6/attachment-0001.htm
More information about the Users
mailing list