All,
We are trying to set up a VPN tunnel between a ClearOS firewall (using
OpenSwan IPSec) and a Fortigate firewall.
Here's the point at which it looks like it's failing to connect:
000 #1: "hqnetaurc9-satnetaurc9":500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 26s; nodpd; idle; import:admin initiate
000 #1: pending Phase 2 for "hqgateaurc9-satgateaurc9" replacing #0
000 #1: pending Phase 2 for "hqnetaurc9-satnetaurc9" replacing #0
Here's what our ipsec.conf file looks like:
#config setup
#       klipsdebug=all
#       plutodebug=all

config setup
        interfaces=%defaultroute
        protostack=netkey
        klipsdebug=none
        plutodebug=none
        virtual_private=%v4:{our office subnet},%v4:{remote office subnet}

conn %default
        authby=secret
        auto=start
        rightupdown=/usr/libexec/ipsec/_updown.app
        leftupdown=/usr/libexec/ipsec/_updown.app

conn fortigate
        type=tunnel
        auto=add
        left={main office ip}
        leftsubnet={main office subnet}
        leftnexthop=%defaultroute
        leftid=%any
        right={remote office ip}
        rightsubnet={remote subnet}
        rightnexthop=%defaultroute
        rightid=-%any
        keyexchange=ike
        ike=3des
        ikelifetime=28800s
        auth=esp
        authby=secret
        esp=3des
        compress=no
        pfs=yes
        auto=add
        rekey=yes

Any ideas?
Thank you,
_____________________________
Cameron Cooper
System Administrator | CompTIA A+ Certified
Aurico
Phone: 847-890-4021 | Fax: 847-255-1896
[email protected] | www.aurico.com