Hi All,

Our router is humming along nicely, and my prev post re moving a mount was answered perfectly and is scheduled for tonight - THANKS :)
One problem I am having is VPN issues. Firstly, I know a router shouldn't also do VPNing, and we will set up another box to do specific VPN hand off, but some clients turn change requests around in 4 weeks and right now, that's not an option.

Network config:

    OBSD Ext IP - 203.0.0.1
    OBSD Net - 10.1.1.0/24
    Cisco Ext IP - 202.1.1.30
    Cisco Net - 202.1.1.0/24

Now, this is what was on the Cisco router:

    access-list siteA permit ip 202.1.1.0 0.0.0.255 10.1.1.0 255.255.255.0
    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto map newmap 10 ipsec-isakmp
     set peer 202.1.1.30
     set transform-set myset
     match address siteA
    crypto isakmp key shhhSecret address 203.0.0.1
    crypto isakmp policy 10
     encr 3des
     hash md5
     authentication pre-share
     group 2

Firstly, I thought I could just use /etc/ipsec.conf (right?) and a line like this:

    ike esp from 10.1.1.0/24 to 202.1.1.0/24 peer 202.1.1.30 main auth hmac-md5 enc 3des psk shhhSecret

I run isakmpd -K -d, then ipsecctl -f /etc/ipsec.conf and get:

    170525.073348 Default message_recv: invalid cookie(s) 03af03aac4e7f22f 9c282b0073a7218f
    170525.073424 Default dropped message from 202.1.1.30 port 500 due to notification type INVALID_COOKIE

and then

    170829.790305 Default transport_send_messages: giving up on exchange IPsec-10.1.1.0/24-202.1.1.30, no response from peer 202.1.1.30:500

Can anyone shed some light on this? Do I have to set up the traditional isakmpd.conf and .policy files?

Thanks!
Kolchak

