[Openswan Users] IPSEC Tunnel To NETASQ
Randy Wyatt
rwyatt at nvtl.com
Sun Dec 19 16:17:14 EST 2010
Don't mix racoon and openswan. racoon is part of ipsec-tools, which is a different implementation.
Randy
-----Original Message-----
From: users-bounces at openswan.org on behalf of Luc MAIGNAN
Sent: Sun 12/19/2010 1:10 PM
To: Paul Wouters
Cc: users at openswan.org
Subject: Re: [Openswan Users] IPSEC Tunnel To NETASQ
Thanks for your answer.
The documentation says that it supports IPSEC.
I can establish phase 1 but not phase 2:
racoon: INFO: initiate new phase 2 negotiation: 192.168.50.181[4500]<=>83.206.50.37[4500]
Dec 17 22:34:59 Fedora-64-2 racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 2->4).
Dec 17 22:34:59 Fedora-64-2 racoon: INFO: NAT detected -> UDP encapsulation (ENC_MODE 2->4).
Dec 17 22:35:10 Fedora-64-2 racoon: ERROR: 8x.xxx.xx.xx give up to get IPsec-SA due to time up to wait.
Dec 17 22:35:29 Fedora-64-2 racoon: INFO: IPsec-SA expired: AH/Transport 8x.xxx.xx.xx[0]->192.168.50.181[0] spi=112387376(0x6b2e530)
Dec 17 22:35:29 Fedora-64-2 racoon: WARNING: the expire message is received but the handler has not been established.
Dec 17 22:35:29 Fedora-64-2 racoon: INFO: IPsec-SA expired: ESP/Transport 8x.xxx.xx.xx[0]->192.168.50.181[0] spi=82003743(0x4e3471f)
Dec 17 22:35:59 Fedora-64-2 racoon: ERROR: 8x.xxx.xx.xx give up to get IPsec-SA due to time up to wait.
Dec 17 23:33:26 Fedora-64-2 racoon: INFO: ISAKMP-SA expired 192.168.50.181[4500]-8x.xxx.xx.xx[4500] spi:621461833610c445:41dcaae6ade3f6d2
Dec 17 23:33:27 Fedora-64-2 racoon: INFO: ISAKMP-SA deleted 192.168.50.181[4500]-8x.xxx.xx.xx[4500] spi:621461833610c445:41dcaae6ade3f6d2
Dec 17 23:33:27 Fedora-64-2 racoon: INFO: KA remove: 192.168.50.181[4500]->8x.xxx.xx.xx[4500]
Has anyone an idea?
Best regards
On 19/12/10 21:59, Paul Wouters wrote:
> On Sun, 19 Dec 2010, Luc MAIGNAN wrote:
>
>> I'm running openSwan under Fedora 14 64 bits.
>>
>> I have to set up an IPSEC Tunnel (Host To Host) from my Fedora box to a
>> NETASQ F200 router.
>>
>> I have a lot of errors, so my first question: IS IT POSSIBLE TO SET UP
>> SUCH AN ARCHITECTURE?
>
> If the NETASQ F200 router supports IPsec, then yes.
>
> Paul