Running 4.3 GENERIC#698 i386
I have a VPN with a vendor using what I think he said was a Sonic Wall
FW. We are able to get Phase 1 associations up and happy. But Phase 2
never seems to start, at least not from my side.
If he sends traffic from his side then his device makes a phase 2
proposal, and I accept and traffic flows. I can do nothing to kick this
off from my end.
I have an ipsec.conf file for this vendor:
ike active esp from { 172.18.101.22 } \
    to { 10.0.3.222 10.0.6.222 10.0.11.43 10.0.11.188 10.0.11.222 10.0.11.36 } \
    local 10.120.10.50 peer xxx.xxx.xx.xx.x0x \
    main auth hmac-sha1 enc 3des-cbc group modp1024 \
    quick auth hmac-sha1 enc 3des-cbc group none \
    psk "SEKRET"
He sends me a ping, I get a flow:
ipsecctl -s flow | grep xxx.xxx.xx.xx.x0x
flow esp in from 10.0.11.43 to 172.18.101.22 peer xxx.xxx.xx.xx.x0x srcid 10.120.10.50/32 dstid xxx.xxx.xx.xx.x0x/32 type use
flow esp out from 172.18.101.22 to 10.0.11.43 peer xxx.xxx.xx.xx.x0x srcid 10.120.10.50/32 dstid xxx.xxx.xx.xx.x0x/32 type require
In the past I have been able to: echo "M active" > /var/run/isakmpd.fifo
But since I have a phase 1 up, I guess this won't have any effect?
I guess I am not really even sure what to be showing anyone, usually
once phase 1 is established everything has just worked.