Hi All,
?
I?m testing
IPsec interoperability between Solaris 10/opensolaris and Windows XP in IPv4.
?
After successfully configuring IPsec on solaris
and windows XP (details shown below),
?
I failed
to ping between the IPsec configured hosts and found the ISAKMP notification
data ?Incorrect preshared key (invalid next payload value)?
?
when I looked at the captured packets between
the hosts using wireshark.
?
?
I?ve used preshared
key ? ?asdfghjklqwertyuiopzxcv? in Windows XP and the same key converted to
hexadecimal ?666473616b6a68676577716c757974727a706f690a766378? been used in
solaris.
?
I?ve also tried as ?echo ?asdfghjklqwertyuiopzxcv?
| tr ?d ?\n? | od ?t x?
?
removing newline
character at the end.
?
But failed in both
cases.
?
#
?
echo ?asdfghjklqwertyuiopzxcv? | od ?t x
0000000
66647361 6b6a6867 6577716c 75797472
0000020
7a706f69 0a766378
0000030
?
IPsec
configuration on windows XP and solaris:
?
Phase 1 ? main
mode
ESP Auth Algorithm
:
?
SHA1
ESP Crypt
Algorithm :
?
3des
DH Group : 2
(1024bit)
Life time :
14400 sec
?
Phase 2 ? PFS
(Quick mode)
DH Group : 2
(1024bit)
ike.config file :?
p1_lifetime_secs
14400
p1_nonce_len
20
{
???
label "Solaris ? Windows using
ipv4"
???
local_addr 172.12.13.27
???
remote_addr 172.12.13.4
???
p1_xform {auth_method preshared
oakley_group 2 auth_alg sha1 encr_alg 3des}
???
p2_pfs 2
}
?
Could anybody please diagnose and see what?s wrong in the
configuration and any changes required in the above preshared key value
(supporting both windows XP & solaris) to resolve this issue?
?
Your help is highly appreciated.
?
Thanks in Advance,
KrishnaMohan
The INTERNET now has a personality. YOURS! See your Yahoo! Homepage.
http://in.yahoo.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://mail.opensolaris.org/pipermail/security-discuss/attachments/20091224/0a9d10cb/attachment.html>
