Date: Fri, 9 Nov 2001 16:14:08 -0800 (PST)
From: Will Froning
Subject: IPSec w/SonicWall IKE
Message-ID: <20011109135801.X25048-100000@angui.sh>

OS: FreeBSD4.3
Software: Racoon-20010322

I'm attempting to connect a FBSD4.3 box to a SonicWall VPN solution. I think I have everything configured correctly, but I keep getting this error mesg and I'm unable to reach the IPs on the other end:

2001-11-09 13:56:51: INFO: isakmp.c:1618:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found.
2001-11-09 13:56:54: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend phase1 packet 1b770e442d645209:0000000000000000

I can never seem to get the session working correctly. If I'm not giving the correct data, or not enough, please ask.

Please cc me on the reply as I'm not on the list.

Thanks,
Will

Here is my config file for racoon.

/usr/local/etc/racoon/racoon.conf

path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
log debug;

remote anonymous
{
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key ;
                dh_group 2 ;
        }
}

sainfo anonymous
{
        pfs_group 1;
        lifetime time 12 hour;
        lifetime byte 50 MB;
        encryption_algorithm 3des,des,cast128,blowfish ;
        authentication_algorithm hmac_sha1,hmac_md5 ;
        compression_algorithm deflate ;
}

wfroning# setkey -DP
192.168.1.0/24[any] XXX.XXX.XXX.158[any] any
        in ipsec
        esp/tunnel/XXX.XXX.XXX.131-XXX.XXX.XXX.158/require
        spid=2 seq=1 pid=561 refcnt=1
XXX.XXX.XXX.158[any] 192.168.1.0/24[any] any
        out ipsec
        esp/tunnel/XXX.XXX.XXX.158-XXX.XXX.XXX.131/require
        spid=1 seq=0 pid=561 refcnt=1

-- 
Will Froning
Unix Sys. Admin.
wfroning@angui.sh
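
Added example, not part of the original message: a small Python triage of racoon debug output like the two lines quoted above. It counts phase 2 requests queued for lack of a phase 1 SA and lists initiator cookies whose phase 1 packets are resent with an all-zero responder cookie, which in IKEv1 means no reply from the peer has been processed yet. The function name triage and the third sample line are assumptions made for the example.

```python
import re
from collections import Counter

# racoon debug line: "<date> <time>: <LEVEL>: <file>:<line>:<func>(): <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): (?P<level>[A-Z]+): "
    r"(?P<src>[\w.]+):(?P<lineno>\d+):(?P<func>\w+)\(\): (?P<msg>.*)$"
)
# ISAKMP cookie pair as printed in the log: initiator:responder, 8 bytes each
COOKIE_RE = re.compile(r"\b([0-9a-f]{16}):([0-9a-f]{16})\b")
ZERO_COOKIE = "0" * 16


def triage(lines):
    """Summarise phase 1 progress per initiator cookie (hypothetical helper)."""
    resends = Counter()   # initiator cookie -> resends with no responder cookie
    answered = set()      # initiator cookies seen paired with a responder cookie
    queued = 0            # phase 2 requests waiting on a missing phase 1 SA
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue      # not a racoon log line in the expected layout
        func, msg = m.group("func"), m.group("msg")
        if func == "isakmp_post_acquire" and "no phase1 found" in msg:
            queued += 1
        c = COOKIE_RE.search(msg)
        if c:
            init, resp = c.groups()
            if resp != ZERO_COOKIE:
                answered.add(init)
            elif func == "isakmp_ph1resend":
                resends[init] += 1
    # Keep only exchanges that never showed a responder cookie.
    unanswered = {i: n for i, n in resends.items() if i not in answered}
    return {"queued_phase2": queued, "unanswered_phase1": unanswered}


# Lines 1-2 are copied from the message above; line 3 is constructed to show
# an exchange where the peer has answered (non-zero responder cookie).
SAMPLE = [
    "2001-11-09 13:56:51: INFO: isakmp.c:1618:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found.",
    "2001-11-09 13:56:54: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend phase1 packet 1b770e442d645209:0000000000000000",
    "2001-11-09 13:57:10: DEBUG: isakmp.c:1370:isakmp_ph1resend(): resend phase1 packet aaaaaaaaaaaaaaaa:bbbbbbbbbbbbbbbb",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```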