Hi,

I got this when I try to create IPsec connection between SXCE and S10.
I use preshared keys.

It works:
SXCE <==> SXCE
2008.11 <==> SXCE

It doesn't work:
SXCE (b93) <==> S10u4 + latest patches
2008.11 (b99) <==> S10u4 + latest patches

The configuration is the same in both cases.


Tue Oct 28 2008 15:35:15 +0100: in.iked: Phase 1 exchange type=2 (IP), 1 
transform(s).
Tue Oct 28 2008 15:35:15 +0100: in.iked: Looking for 10.1.1.201[0] in IKE 
daemon 
context...
Tue Oct 28 2008 15:35:15 +0100: in.iked: Sending out Vendor IDs, if needed: 
NAT-T state 0 (INIT)
Tue Oct 28 2008 15:35:15 +0100: in.iked:   Phase 1 info, pm_info structure == 
80cfa18.
Tue Oct 28 2008 15:35:15 +0100: in.iked:   New Phase 1 negotiation!
Tue Oct 28 2008 15:35:15 +0100: in.iked:   Waiting for IKE results.
Tue Oct 28 2008 15:35:15 +0100: in.iked: IKE library: Using default remote port 
for NAT-T, if active.
Tue Oct 28 2008 15:35:15 +0100: in.iked: Vendor ID from peer:
Tue Oct 28 2008 15:35:15 +0100: in.iked:   0x4a131c81070358455c5728f20e95452f
Tue Oct 28 2008 15:35:15 +0100: in.iked:   NAT-Traversal (RFC 3947)
Tue Oct 28 2008 15:35:15 +0100: in.iked:   Using NAT-D (RFC 3947 VID)
Tue Oct 28 2008 15:35:15 +0100: in.iked: Vendor ID from peer:
Tue Oct 28 2008 15:35:15 +0100: in.iked:   0x810fa565f8ab14369105d706fbd57279
Tue Oct 28 2008 15:35:15 +0100: in.iked:   NAT-Traversal 
(draft-ietf-ipsec-nat-t-ike-09)
Tue Oct 28 2008 15:35:15 +0100: in.iked: Determining P1 nonce data length.
Tue Oct 28 2008 15:35:15 +0100: in.iked:   NAT-T state 1 (VID)
Tue Oct 28 2008 15:35:15 +0100: in.iked: IKE library: Using default remote port 
for NAT-T, if active.
Tue Oct 28 2008 15:35:15 +0100: in.iked: IKE library: Doing port jump in case 
we 
need NAT-T. Current NAT-T state 1
Tue Oct 28 2008 15:35:15 +0100: in.iked: Finding preshared key...
Tue Oct 28 2008 15:35:15 +0100: in.iked: IKE library: Using default remote port 
for NAT-T, if active.
Tue Oct 28 2008 15:35:15 +0100: in.iked: Notifying library that P2 SA is freed.
Tue Oct 28 2008 15:35:15 +0100: in.iked:   Local IP = 10.1.1.201, Remote IP = 
10.1.1.17,
Tue Oct 28 2008 15:35:15 +0100: in.iked: Finishing P1 negotiation: NAT-T state 
1 
(VID)
Tue Oct 28 2008 15:35:15 +0100: in.iked: Phase 1 negotiation error: code 1 
(Invalid payload type).
Tue Oct 28 2008 15:35:15 +0100: in.iked: Phase 1 error: code 1 (Invalid payload 
type).
Tue Oct 28 2008 15:35:15 +0100: in.iked: Deleting local phase 1 instance.
Tue Oct 28 2008 15:35:15 +0100: in.iked: Looking for 10.1.1.201[0] in IKE 
daemon 
context...
Tue Oct 28 2008 15:35:15 +0100: in.iked: Sending negative ACQUIRE...


-- 
Regards,
Piotr Jasiukajtis | estibi | SCA OS0072
http://estseg.blogspot.com

Reply via email to