Date: Wed, 21 Nov 2001 16:20:28 +0900
From: Shoichi Sakane <sakane@kame.net>
To: ns@BlueSkyFrog.COM
Cc: freebsd-security@freebsd.org
Subject: Re: KAME IPsec <--> cisco
Message-ID: <20011121162028G.sakane@kame.net>
In-Reply-To: Your message of "Wed, 21 Nov 2001 11:30:03 +1000" <20011121113003.A2610@BlueSkyFrog.COM>
References: <20011121113003.A2610@BlueSkyFrog.COM>

> As noted last week, phase 1 negotiation is not completing. However
> I can't see what the problem is; all looks like it is set up
> correctly to me.

> The Cisco's config is like this (203.2.2.1):
> crypto isakmp key **password** address 203.1.1.1
>
> crypto map nolan 16 ipsec-isakmp
> set peer 203.1.1.1
> set transform-set vodafone
> set pfs group1
> match address 186
>
> crypto ipsec transform-set vodafone esp-des esp-md5-hmac
>
> access-list 186 permit ip 203.2.2.0 0.0.0.255 host 203.1.1.2

did you check the phase1 configuration on the cisco?
i'm not sure about the cisco configuration, but i think all of the above
things are probably for phase 2.

> When I try to contact 203.2.2.2 from 203.1.1.2, racoon logs the
> following:
> 2001-11-20 10:39:46: DEBUG: isakmp_inf.c:797:isakmp_info_recv_n(): notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=1 spi=(size=0).
> 2001-11-20 10:40:18: ERROR: isakmp.c:1818:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 203.2.2.1->203.1.1.1

the problem is that the cisco complained about the phase 1 proposal which racoon sent.
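
A log triage for the two racoon lines quoted in the message above, as an added example that is not part of the original e-mail or of racoon itself. The function names `triage` and `diagnose` are hypothetical, and reading the notification's Protocol-ID as a hint to the rejected phase is an assumption about how the peer fills in that field.

```python
import re

# Protocol-ID values defined by the IPsec DOI (RFC 2407).
PROTO_NAMES = {1: "ISAKMP", 2: "IPSEC_AH", 3: "IPSEC_ESP"}

NOTIFY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): \w+: .*"
    r"notification message (?P<type>\d+):(?P<name>[A-Z0-9-]+), "
    r"doi=\d+ proto_id=(?P<proto>\d+)"
)
PH1_WAIT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): ERROR: .*"
    r"phase2 negotiation failed due to time up waiting for phase1\.\s*"
    r"\S+ (?P<src>[\d.]+)->(?P<dst>[\d.]+)"
)

def triage(lines):
    """Return (rejected, stalled): proposal rejections and phase 1 stalls."""
    rejected, stalled = [], []
    for line in lines:
        m = NOTIFY_RE.match(line)
        if m and m["type"] == "14":  # 14 = NO-PROPOSAL-CHOSEN (RFC 2408)
            proto = int(m["proto"])
            # Assumption: the peer sets Protocol-ID to the SA it rejected, so
            # ISAKMP points at the phase 1 proposal and AH/ESP at phase 2.
            phase = 1 if proto == 1 else 2 if proto in (2, 3) else None
            rejected.append((m["ts"], PROTO_NAMES.get(proto, str(proto)), phase))
            continue
        m = PH1_WAIT_RE.match(line)
        if m:  # phase 2 was queued but the phase 1 SA never came up
            stalled.append((m["ts"], m["src"], m["dst"]))
    return rejected, stalled

def diagnose(lines):
    """Combine both signals into one verdict string."""
    rejected, stalled = triage(lines)
    if any(phase == 1 for _, _, phase in rejected) and stalled:
        return "phase1-proposal-mismatch"
    if any(phase == 2 for _, _, phase in rejected):
        return "phase2-proposal-mismatch"
    return "inconclusive"

# The two racoon log lines quoted in the message above.
SAMPLE = """\
2001-11-20 10:39:46: DEBUG: isakmp_inf.c:797:isakmp_info_recv_n(): notification message 14:NO-PROPOSAL-CHOSEN, doi=1 proto_id=1 spi=(size=0).
2001-11-20 10:40:18: ERROR: isakmp.c:1818:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 203.2.2.1->203.1.1.1
""".splitlines()
```

On the quoted lines `diagnose(SAMPLE)` returns `phase1-proposal-mismatch`, which matches the reply's reading that the Cisco rejected the phase 1 proposal racoon sent.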