Hi !

I found your  mail on this website:
.... where you said being "positive" so .....

I intend to connect from a Cisco pix515 to a Linux box. My Linux box is
built on a 2.6.5 kernel and I use ipsec-tools version 0.3. It is very
similar to a BSD config !

Well here is the racoon debug:
INFO: initiate new phase 2 negotiation:[0]<=>[0]
2004-04-15 05:28:58: ERROR: unknown notify message, no phase2 handle found.

In fact I suspect the PIX 515 not understanding IPCOMP.
However I don't know howto deactivate the compression in the SA through
Racoon. I can't put other
argument that "DEFLATE / LZS / OUI".

I give your my racoon's configuration:

[EMAIL PROTECTED] ipsec-tools-0.3]# cat /etc/racoon.conf
path pre_shared_key "/etc/psk.txt";
remote I.J.K.L {
            exchange_mode main,base;
            doi ipsec_doi;
            situation identity_only;

            my_identifier address "A.B.C.D";
            send_cert off;
            send_cr off;
            verify_cert off;
            support_proxy on;

            initial_contact on;
            proposal_check obey;

            lifetime time 24 hour;

            proposal {
                hash_algorithm md5;
                encryption_algorithm 3des;
                authentication_method pre_shared_key;
                dh_group 2;

# Net to Net
sainfo address any address any {
            authentication_algorithm hmac_md5;
            encryption_algorithm 3des;
            compression_algorithm deflate;
            pfs_group 2;

Really I need a little help from you :)


Wilfried BARNAVON – Ingénieur Réseau
Solutions Linux  - R.H.C.E. (808003698808020)

Tel : 04 75 78 45 45
Fax : 04 75 56 05 07

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to