[Openswan Users] cannot respond to IPsec SA request because no connection is known for

Alfonso Viso alfonso.viso at selftrade.com
Fri Dec 26 11:26:37 EST 2008 

Hello all, 
 
i can to established tunnel between a cisco pix and openswan server with PSK , but now i have a problem when i try to connect a roadwarrior. 
At first, the negotation is ok, in /var/log/secure appears :
"roadwarrior-murquijo" #1: responding to Main Mode
 "roadwarrior-murquijo" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
"roadwarrior-murquijo" #1: STATE_MAIN_R1: sent MR1, expecting MI2
"roadwarrior-murquijo" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
"roadwarrior-murquijo" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
"roadwarrior-murquijo" #1: STATE_MAIN_R2: sent MR2, expecting MI3
"roadwarrior-murquijo" #1: Main mode peer ID is ID_IPV4_ADDR: 'ip_public_roadwarrior'
"roadwarrior-murquijo" #1: I did not send a certificate because I do not have one.
 "roadwarrior-murquijo" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
"roadwarrior-murquijo" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
"roadwarrior-murquijo" #1: Dead Peer Detection (RFC 3706): enabled
"roadwarrior-murquijo" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
"roadwarrior-murquijo" #1: received and ignored informational message
here, the tunnel is enabled, but when i try to access to our intranet appear the following message:
"roadwarrior-murquijo" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
"roadwarrior-murquijo" #1: received and ignored informational message
"roadwarrior-murquijo" #1: cannot respond to IPsec SA request because no connection is known for 10.105.0.0/16===[ip_public_server]...[ip_public_roadwarrior]===192.168.200.20/32
 "roadwarrior-murquijo" #1: sending encrypted notification INVALID_ID_INFORMATION to [ip_public_roadwarrior]:21655
"roadwarrior-murquijo" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc8ceedf9 (perhaps this is a duplicated packet)
 "roadwarrior-murquijo" #1: sending encrypted notification INVALID_MESSAGE_ID to [ip_public_roadwarrior]:21655
"roadwarrior-murquijo" #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xc8ceedf9 (perhaps this is a duplicated packet)
"roadwarrior-murquijo" #1: sending encrypted notification INVALID_MESSAGE_ID to [ip_public_roadwarrior]:21655
 
the ipsec.conf respective roadwarrior is:
conn roadwarrior-murquijo
        type=tunnel
        authby=secret
        left=81.93.214.114
        leftnexthop=%defaultroute
        leftsubnet=10.105.0.0/16
        right=195.5.94.158
        rightnexthop=%defaultroute
        rightsubnet=192.168.200.0/24
        dpddelay=30
        dpdtimeout=120
        dpdaction=clear
        keyingtries=3
        pfs=no
        auto=add
 
and we use the VPN Client Shrew Soft to connect to our intranet.
Could Anybody help us?
thanks in advanced.
regards

 

Alfonso Viso Puerta
IT Department


 



___________________________________

Ce message contient des informations confidentielles ou appartenant à
Boursorama et est établi à l'intention exclusive de ses destinataires. Toute
divulgation, utilisation, diffusion ou reproduction (totale ou partielle) de ce
message, ou des informations qu'il contient, doit être préalablement
autorisée. Tout message électronique est susceptible d'altération et son
intégrité ne peut être assurée. Boursorama décline toute responsabilité au
titre de ce message s'il a été modifié ou falsifié. Si vous n'êtes pas
destinataire de ce message, merci de le détruire immédiatement et d'avertir
l'expéditeur de l'erreur de distribution et de la destruction du message.
___________________________________

This e-mail contains confidential information or information belonging to
Boursorama and is intended solely for the addressees. The unauthorised
disclosure, use, dissemination or copying (either whole or partial) of this
e-mail, or any information it contains, is prohibited. E-mails are susceptible
to alteration and their integrity cannot be guaranteed. Boursorama shall not be
liable for this e-mail if modified or falsified. If you are not the intended
recipient of this e-mail, please delete it immediately from your system and
notify the sender of the wrong delivery and the mail deletion.
___________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20081226/a91df0e4/attachment.html

More information about the Users mailing list