From: kbarry@enpocketbureau.com
Date: Thu May 08 2003 - 11:38:21 EDT
Hi,
I'm trying to negotiate a vpn tunnel with a cisco box,
and I'm having problems.
I'm using the native ipsec/ike on a Solaris 9 box
with a preshared key, esp-3des and md5.
The error I'm getting when I run /usr/lib/inet/in.iked -d
appears to be a timeout. I've changed the ip addresses in
the following but, both are routable. 192.16.8.1 represents the
local box.
Thu May 08 16:15:36 2003: ./in.iked: In match_phase1.
Thu May 08 16:15:36 2003: ./in.iked: get_phase1: searching rulebase for src = 192.168.1.1
Thu May 08 16:15:36 2003: ./in.iked: get_phase1: dst = 10.0.0.1
Thu May 08 16:15:36 2003: ./in.iked: get_phase1: rule simple inheritor 0x1
Thu May 08 16:15:36 2003: ./in.iked: laddr = AF2:192.168.1.1
Thu May 08 16:15:36 2003: ./in.iked: raddr = AF2:10.0.0.1!
Thu May 08 16:15:36 2003: ./in.iked: winning rule: simple inheritor
Thu May 08 16:15:36 2003: ./in.iked: construct_local_id
Thu May 08 16:15:36 2003: ./in.iked: construct_local_id: ipv4(any:0,[0..4]=192.168.1.1)
Thu May 08 16:15:36 2003: ./in.iked: xchg_type=2, 1 xforms.
Thu May 08 16:15:36 2003: ./in.iked: In ssh_policy_isakmp_request_vendor_ids pm_info == eebc0.
Thu May 08 16:15:36 2003: ./in.iked: Non-NULL new negotiation! Get back to work!
Thu May 08 16:15:36 2003: ./in.iked: Waiting for IKE results.
Thu May 08 16:15:36 2003: ./in.iked: In ssh_policy_isakmp_vendor_id.
Thu May 08 16:15:36 2003: ./in.iked: In ssh_policy_isakmp_vendor_id.
Thu May 08 16:15:36 2003: ./in.iked: In ssh_policy_isakmp_nonce_data_len.
Thu May 08 16:15:36 2003: ./in.iked: In match_phase1.
Thu May 08 16:15:36 2003: ./in.iked: get_phase1: searching rulebase for src = 192.168.1.1
Thu May 08 16:15:36 2003: ./in.iked: get_phase1: dst = 10.0.0.1
Thu May 08 16:15:36 2003: ./in.iked: get_phase1: rule simple inheritor 0x1
Thu May 08 16:15:36 2003: ./in.iked: laddr = AF2:192.168.1.1
Thu May 08 16:15:36 2003: ./in.iked: raddr = AF2:10.0.0.1!
Thu May 08 16:15:36 2003: ./in.iked: winning rule: simple inheritor
Thu May 08 16:15:36 2003: ./in.iked: construct_local_id
Thu May 08 16:15:36 2003: ./in.iked: construct_local_id: ipv4(any:0,[0..4]=192.168.1.1)
Thu May 08 16:15:36 2003: ./in.iked: xchg_type=2, 1 xforms.
Thu May 08 16:15:36 2003: ./in.iked: In ssh_policy_isakmp_request_vendor_ids pm_info == eebc0.
Thu May 08 16:15:36 2003: ./in.iked: Non-NULL new negotiation! Get back to work!
Thu May 08 16:15:36 2003: ./in.iked: Waiting for IKE results.
Thu May 08 16:15:36 2003: ./in.iked: In ssh_policy_isakmp_vendor_id.
Thu May 08 16:15:36 2003: ./in.iked: In ssh_policy_isakmp_vendor_id.
Thu May 08 16:15:36 2003: ./in.iked: In ssh_policy_isakmp_nonce_data_len.
Thu May 08 16:15:37 2003: ./in.iked: In ssh_policy_find_pre_shared_key.
Thu May 08 16:15:37 2003: ./in.iked: in ike_report_error: type 24, decrypted 0, rx 1
Thu May 08 16:15:37 2003: ./in.iked: pm_info null! (msg type 24)
Thu May 08 16:15:37 2003: ./in.iked: In ssh_policy_phase_ii_sa_freed.Thu May 08 16:15:37 2003: ./in.iked: In ssh_policy_find_pre_shared_key.
Thu May 08 16:15:37 2003: ./in.iked: in ike_report_error: type 24, decrypted 0, rx 1
Thu May 08 16:15:37 2003: ./in.iked: pm_info null! (msg type 24)
Thu May 08 16:15:37 2003: ./in.iked: In ssh_policy_phase_ii_sa_freed.
The output of "tethereal host 10.0.0.1" is:
mobicus:root usr# tethereal host 10.0.0.1
Capturing on hme0
0.000000 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.001800 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.002351 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.003024 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.003578 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.004128 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.004689 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.005246 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.005804 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.024719 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
0.032000 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.054656 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
0.062064 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.091009 10.0.0.1 -> 192.168.1.1 ISAKMP Informational
0.503179 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.503413 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.513106 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.513340 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.513580 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.513820 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.514085 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.514322 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
0.563123 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
1.513166 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
1.513410 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
1.513685 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
1.513924 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
1.514177 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
1.514419 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
1.514658 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
1.514906 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
1.573115 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
3.523164 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
3.523398 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
3.523626 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
3.523870 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
3.524125 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
3.524364 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
3.524601 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
3.524832 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
3.583103 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
3.969448 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
7.533193 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
7.533456 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
7.533712 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
7.533969 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
7.534231 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
7.534486 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
7.534740 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
7.535004 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
7.557340 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
7.593109 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
11.471333 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
11.971485 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
11.971891 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
15.543190 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
15.543448 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
15.543706 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
15.543968 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
15.544227 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
15.544481 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
15.544746 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
15.545001 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
15.566946 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
15.971624 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
15.971962 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
19.471779 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
19.472884 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
19.972533 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
19.973010 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
23.472654 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
23.474440 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
23.973514 10.0.0.1 -> 192.168.1.1 ISAKMP Identity Protection (Main Mode)
23.973882 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
27.973478 192.168.1.1 -> 10.0.0.1 ISAKMP Identity Protection (Main Mode)
Any suggestions gratefully appreciated.
i will summarise to the list.
Regards
Kieran
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:26:22 EDT