Message-Id: <4.3.2.7.2.20030113120239.03397190@gid.co.uk>
Date: Mon, 13 Jan 2003 12:11:17 +0000
To: current@freebsd.org
From: Bob Bishop
Subject: FAST_IPSEC/racoon vs CISCO PIX anyone?

Hi,

Problems interworking this combination, with ESP tunnel. SA gets negotiated OK, but ESP packets get rejected by the PIX: it says "host not found a.b.c.d" where a.b.c.d is its own endpoint address, and sends "invalid SPI" back to our end, even though the SPI on the rejected ESP packet is the one just negotiated.

This is RC2, racoon-20021120a. FWIW the same problem occurs on 4.7 with 'ordinary' IPSEC too.

Any suggestions? TIA

--
Bob Bishop +44 (0)118 977 4017
rb@gid.co.uk fax +44 (0)118 989 4254