At 16:09 13/1/03, Daniel C. Sobral wrote:
Bob Bishop wrote:

Hi,

Problems interworking this combination, with ESP tunnel. SA gets
negotiated OK, but ESP packets get rejected by the PIX: it says "host
not found a.b.c.d" where a.b.c.d is its own endpoint address, and sends
"invalid SPI" back to our end, even though the SPI on the rejected ESP
packet is the one just negotiated.

This is RC2, racoon-20021120a. FWIW the same problem occurs on 4.7 with
'ordinary' IPSEC too.

Any suggestions? TIA
Well, this question can be silly, especially if you have already established tunnels before, but... Did you negotiate an SA for each direction?
Yes, symmetrically. And we have done this stuff before (but not to a PIX).

--
Daniel C. Sobral                   (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
TCO
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]

Outros:
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]
        [EMAIL PROTECTED]

It was one of those perfect summer days -- the sun was shining, a
breeze was blowing, the birds were singing, and the lawn mower was
broken ...
                -- James Dent


--
Bob Bishop		    +44 (0)118 977 4017
[EMAIL PROTECTED]		fax +44 (0)118 989 4254

