When Mike and I set up the Security Policy Database (SPD),
I/we omitted the ah/tunnel/ part. Could be why we got the tunnel
but nothing through, because there was no IP authentication on our end.
I think racoon set up the Security Association Database (SAD) right though.
Should have been like this:
spdadd 192.168.3.0/24 192.168.4.0/24 any -P out ipsec
    esp/tunnel/192.168.0.203-192.168.0.200/require
    ah/tunnel/192.168.0.203-192.168.0.200/require;
spdadd 192.168.4.0/24 192.168.3.0/24 any -P in ipsec
    esp/tunnel/192.168.0.200-192.168.0.203/require
    ah/tunnel/192.168.0.200-192.168.0.203/require;
--- "Ryan T.Patterson" <[EMAIL PROTECTED]> wrote:
> Yes, AH was enabled as was ESP. We were set for DH Group 2, AES, and
> MD5 in our last iteration. No NAT, no NAT traversal or anything
> wacky like that...
>
>
> On Dec 12, 2004, at 12:46 PM, Ted Kat. wrote:
>
> > I have been backtracking what we did yesterday and
> > I think I figured out what happened.
> >
> > Ryan P. What was the setup on the BSD box? Was AH enabled?
> >
> --
> -- Ryan
>
>
=====
Ted Katseres
-----------------------------------------
sclinux.org
President: Sioux City Linux Users Group
-----------------------------------------
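
Added example, not part of the original message: a small check for a setkey-style SPD file that reports policies missing a required protocol and out/in pairs whose tunnel endpoints are not mirrored. It assumes the peer requires both ESP and AH, as the quoted reply says; the function names and the ESP-only sample are constructed for illustration, and only four-field proto/mode/endpoints/level rules are handled.

```python
import re

# Constructed input: the pair as described in the post, with the ah/tunnel rules left out.
ESP_ONLY = """
spdadd 192.168.3.0/24 192.168.4.0/24 any -P out ipsec
    esp/tunnel/192.168.0.203-192.168.0.200/require;
spdadd 192.168.4.0/24 192.168.3.0/24 any -P in ipsec
    esp/tunnel/192.168.0.200-192.168.0.203/require;
"""
# The corrected pair quoted in the post.
WITH_AH = """
spdadd 192.168.3.0/24 192.168.4.0/24 any -P out ipsec
    esp/tunnel/192.168.0.203-192.168.0.200/require
    ah/tunnel/192.168.0.203-192.168.0.200/require;
spdadd 192.168.4.0/24 192.168.3.0/24 any -P in ipsec
    esp/tunnel/192.168.0.200-192.168.0.203/require
    ah/tunnel/192.168.0.200-192.168.0.203/require;
"""
SPDADD = re.compile(r"spdadd\s+(\S+)\s+(\S+)\s+\S+\s+-P\s+(in|out)\s+ipsec\s+([^;]+);")

def parse_spd(text):
    """Return [(direction, src, dst, [(proto, mode, endpoints, level), ...]), ...]."""
    text = re.sub(r"#.*", "", text)  # drop comments
    return [(d, src, dst, [tuple(r.split("/")) for r in rules.split()])
            for src, dst, d, rules in SPDADD.findall(text)]

def mirror(rules):
    """Swap the tunnel endpoints of each rule, as the opposite direction must."""
    return [(p, m, "-".join(reversed(ep.split("-"))), lv) for p, m, ep, lv in rules]

def lint(text, required=("esp", "ah")):
    """List policies lacking a required protocol or a mirrored opposite-direction policy."""
    policies, problems = parse_spd(text), []
    for d, src, dst, rules in policies:
        for proto in required:
            if proto not in {r[0] for r in rules}:
                problems.append(f"{d} {src} -> {dst}: no {proto} rule")
        if d == "out":
            inbound = [r for di, s, t, r in policies if (di, s, t) == ("in", dst, src)]
            if not inbound:
                problems.append(f"out {src} -> {dst}: no matching 'in' policy")
            elif inbound[0] != mirror(rules):
                problems.append(f"out {src} -> {dst}: 'in' policy is not its mirror")
    return problems

if __name__ == "__main__":
    for name, conf in (("ESP only", ESP_ONLY), ("ESP + AH", WITH_AH)):
        print(name, lint(conf) or "ok")
```

Running the same check on both gateways before bringing the tunnel up shows whether the two ends agree on the protocol list.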