[Openswan Users] IPSEC Tunnel To NETASQ

Luc MAIGNAN luc.maignan at winxpert.com
Sun Dec 19 16:10:35 EST 2010


Thanks for your answer.

The documentation says that it supports IPSEC.

I can establish phase 1 but not phase 2 :

racoon: INFO: initiate new phase 2 negotiation: 
192.168.50.181[4500]<=>83.206.50.37[4500]
Dec 17 22:34:59 Fedora-64-2 racoon: INFO: NAT detected -> UDP 
encapsulation (ENC_MODE 2->4).
Dec 17 22:34:59 Fedora-64-2 racoon: INFO: NAT detected -> UDP 
encapsulation (ENC_MODE 2->4).
Dec 17 22:35:10 Fedora-64-2 racoon: ERROR: 8x.xxx.xx.xx give up to get 
IPsec-SA due to time up to wait.
Dec 17 22:35:29 Fedora-64-2 racoon: INFO: IPsec-SA expired: AH/Transport 
8x.xxx.xx.xx[0]->192.168.50.181[0] spi=112387376(0x6b2e530)
Dec 17 22:35:29 Fedora-64-2 racoon: WARNING: the expire message is 
received but the handler has not been established.
Dec 17 22:35:29 Fedora-64-2 racoon: INFO: IPsec-SA expired: 
ESP/Transport 8x.xxx.xx.xx[0]->192.168.50.181[0] spi=82003743(0x4e3471f)
Dec 17 22:35:59 Fedora-64-2 racoon: ERROR: 8x.xxx.xx.xx give up to get 
IPsec-SA due to time up to wait.
Dec 17 23:33:26 Fedora-64-2 racoon: INFO: ISAKMP-SA expired 
192.168.50.181[4500]-8x.xxx.xx.xx[4500] 
spi:621461833610c445:41dcaae6ade3f6d2
Dec 17 23:33:27 Fedora-64-2 racoon: INFO: ISAKMP-SA deleted 
192.168.50.181[4500]-8x.xxx.xx.xx[4500] 
spi:621461833610c445:41dcaae6ade3f6d2
Dec 17 23:33:27 Fedora-64-2 racoon: INFO: KA remove: 
192.168.50.181[4500]->8x.xxx.xx.xx[4500]


Has anyone an idea ???

Best regards

Le 19/12/10 21:59, Paul Wouters a écrit :
> On Sun, 19 Dec 2010, Luc MAIGNAN wrote:
>
>> I'm running openSwan under Fedora 14 6'bits.
>>
>> I have to setup an IPSEC Tunnel (Host To Host) from my Fedora box to a
>> NETASQ F200 router.
>>
>> I have a lot of errors, so my first question : IS IT POSSIBLE TO SETUP A
>> SUCH ARCHITECTURE ?
>
> If the NETASQ F200 router supports IPsec, then yes.
>
> Paul



More information about the Users mailing list