From: Mark Busby
To: help help
Date: Tue, 8 Apr 2008 08:24:42 -0700 (PDT)
Subject: ipsec-racoon and a cisco pix 515e
Message-ID: <730653.69491.qm@web81207.mail.mud.yahoo.com>

Having trouble getting my first connection set up. I must use the 3des md5 encryption. This is from the error log.

: DEBUG: hash validated.
: DEBUG: begin.
: DEBUG: seen nptype=8(hash)
: DEBUG: seen nptype=11(notify)
: DEBUG: succeed.
: ERROR: unknown notify message, no phase2 handle found.
: DEBUG: notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=3 spi=0fddcb32(size=4).
: ERROR: 72.164.229.178 give up to get IPsec-SA due to time up to wait.
: DEBUG: an undead schedule has been deleted.
: DEBUG: msg 1 not interesting
: DEBUG: msg 1 not interesting

setkey -D -P

192.168.75.101/0[any] 192.168.1.203/0[any] ip4
        in ipsec
        esp/tunnel/72.164.229.178-75.41.234.82/require
        created: Apr 8 09:59:05 2008 lastused: Apr 8 09:59:05 2008
        lifetime: 0(s) validtime: 0(s)
        spid=16389 seq=1 pid=896
        refcnt=1
192.168.1.203/0[any] 192.168.75.101/0[any] ip4
        out ipsec
        esp/tunnel/75.41.234.82-72.164.229.178/require
        created: Apr 8 09:59:05 2008 lastused: Apr 8 10:09:04 2008
        lifetime: 0(s) validtime: 0(s)
        spid=16388 seq=0 pid=896
        refcnt=1

racoon.conf

path pre_shared_key "/usr/local/etc/racoon/psk.txt";
path certificate "@sysconfdir_x@/cert";
log debug2;

padding
{
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomize length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

listen
{
        isakmp 75.41.234.82 [500];
}

timer
{
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per send.
        phase1 30 sec;
        phase2 15 sec;
}

remote 72.164.229.178
{
        exchange_mode aggressive,main,base;
        lifetime time 24 hour;
        proposal {
                encryption_algorithm 3des;
                hash_algorithm md5;
                authentication_method pre_shared_key;
                dh_group 2;
        }
}

sainfo anonymous
{
        pfs_group 2;
        lifetime time 12 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_md5;
        compression_algorithm deflate;
}
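
Added example, not part of the original post: a short Python triage of the racoon debug lines quoted above. It decodes the notify type (RFC 2408) and proto_id (RFC 2407) to tell whether the peer rejected the phase 1 or the phase 2 proposal; for this log the answer is the phase 2 (ESP) proposal, which racoon builds from the sainfo block and the setkey policy. The names triage, SAMPLE_LOG and the verdict strings are invented for this example.

```python
import re

# ISAKMP notify types (RFC 2408 section 3.14.1); only the ones named here.
NOTIFY = {14: "NO-PROPOSAL-CHOSEN", 18: "INVALID-ID-INFORMATION"}
# IPsec DOI protocol IDs (RFC 2407 section 4.4.1).
PROTO = {1: "ISAKMP", 2: "IPSEC_AH", 3: "IPSEC_ESP", 4: "IPCOMP"}

NOTIFY_RE = re.compile(r"notification message (\d+):[A-Z-]+, doi=(\d+) "
                       r"proto_id=(\d+) spi=([0-9a-f]+)")
TIMEOUT_RE = re.compile(r"ERROR: (\S+) give up to get IPsec-SA")

# Log lines copied from the post (the timestamps were already missing there).
SAMPLE_LOG = """\
: DEBUG: hash validated.
: DEBUG: seen nptype=8(hash)
: DEBUG: seen nptype=11(notify)
: ERROR: unknown notify message, no phase2 handle found.
: DEBUG: notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=3 spi=0fddcb32(size=4).
: ERROR: 72.164.229.178 give up to get IPsec-SA due to time up to wait.
"""

def triage(log_text):
    """Summarise where an IKE negotiation logged by racoon stopped."""
    r = {"info_hash_ok": False, "notify": None, "proto": None, "spi": None,
         "gave_up_on": None, "verdict": "inconclusive"}
    for line in log_text.splitlines():
        if "hash validated" in line:
            # Recorded as seen in the log; not used to reach the verdict.
            r["info_hash_ok"] = True
        m = NOTIFY_RE.search(line)
        if m:
            ntype, _doi, proto, spi = m.groups()
            r["notify"] = NOTIFY.get(int(ntype), "type-" + ntype)
            r["proto"] = PROTO.get(int(proto), "proto-" + proto)
            r["spi"] = spi
        m = TIMEOUT_RE.search(line)
        if m:
            r["gave_up_on"] = m.group(1)
    if r["notify"] == "NO-PROPOSAL-CHOSEN":
        # The protocol ID says which SA proposal the peer refused.
        if r["proto"] == "ISAKMP":
            r["verdict"] = "phase1-proposal-rejected"
        elif r["proto"] in ("IPSEC_AH", "IPSEC_ESP", "IPCOMP"):
            r["verdict"] = "phase2-proposal-rejected"
    return r

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```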