Hi,
I have problems with IPsec on OPT1 (I tried to get help on IRC, but ...)
OK, I have:
A WRAP with 0.82.4,
I have a cheap DSL on WAN,
a double E1 on OPT1, Static-IP: eg. 1.2.3.4/24,
LAN and ATH(OPT2) Bridged Static-IP: eg 192.168.35.254/24
First problem: no NAT on OPT1. I had to enable "Enable advanced
outbound NAT" in Firewall->NAT->Outbound
and write two NAT rules (for DSL and for OPT1).
Next thing: I need IPsec on OPT1
The other net is 172.20/16, the endpoint is 2.2.2.2
This is the handshake:
01 INFO: initiate new phase 2 negotiation: 1.2.3.4[0]<=>2.2.2.2[0]
02 WARNING: ignore RESPONDER-LIFETIME notification.
03 WARNING: transform number has been modified.
04 WARNING: trns_id mismatched: my:DES peer:3DES
05 WARNING: trns_id mismatched: my:DES peer:3DES
06 INFO: IPsec-SA established: ESP/Tunnel 2.2.2.2[0]->1.2.3.4[0] spi=227333822(0xd8cd6be)
07 INFO: IPsec-SA established: ESP/Tunnel 1.2.3.4[0]->2.2.2.2[0] spi=1874806242(0x6fbf45e2)
08 INFO: respond new phase 2 negotiation: 1.2.3.4[0]<=>192.168.35.2[0]
09 ERROR: no policy found: 2.2.2.2/32[0] 192.168.35.0/24[0] proto=any dir=in
10 ERROR: failed to get proposal for responder.
11 ERROR: failed to pre-process packet.
I guess line 09 is the problem!!!
# setkey -DP
192.168.35.0/24[any] 192.168.35.254[any] any
        in none
        spid=113 seq=3 pid=85039
        refcnt=1
172.20.0.0/16[any] 192.168.35.0/24[any] any
        in ipsec
        esp/tunnel/2.2.2.2-1.2.3.4/unique#16442
        spid=116 seq=2 pid=85039
        refcnt=1
192.168.35.254[any] 192.168.35.0/24[any] any
        out none
        spid=114 seq=1 pid=85039
        refcnt=1
192.168.35.0/24[any] 172.20.0.0/16[any] any
        out ipsec
        esp/tunnel/1.2.3.4-2.2.2.2/unique#16441
        spid=115 seq=0 pid=85039
        refcnt=1
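
An added example, not part of the original post: a Python check that parses the `setkey -DP` dump above and tests whether the selector named in the line 09 error is covered by any inbound ipsec policy. Treating a match as prefix containment is an assumption made here, not racoon's own lookup rule, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: the SPD dump and log line 09 from the post above.
SETKEY_DP = """\
192.168.35.0/24[any] 192.168.35.254[any] any
        in none
172.20.0.0/16[any] 192.168.35.0/24[any] any
        in ipsec
        esp/tunnel/2.2.2.2-1.2.3.4/unique#16442
192.168.35.254[any] 192.168.35.0/24[any] any
        out none
192.168.35.0/24[any] 172.20.0.0/16[any] any
        out ipsec
        esp/tunnel/1.2.3.4-2.2.2.2/unique#16441
"""
RACOON_ERROR = ("ERROR: no policy found: 2.2.2.2/32[0] 192.168.35.0/24[0] "
                "proto=any dir=in")

SELECTOR = re.compile(r"^(\S+?)\[\w+\]\s+(\S+?)\[\w+\]\s+\w+\s*$")
ACTION = re.compile(r"^\s*(in|out)\s+(none|ipsec|discard)\b")
NO_POLICY = re.compile(
    r"no policy found: (\S+?)\[\d+\] (\S+?)\[\d+\] proto=\S+\s+dir=(\w+)")

def parse_spd(text):
    """Parse `setkey -DP` text into dicts with src, dst, dir and action."""
    policies = []
    for line in text.splitlines():
        m = SELECTOR.match(line)
        if m:  # selector line opens a new policy entry
            policies.append({"src": ipaddress.ip_network(m.group(1)),
                             "dst": ipaddress.ip_network(m.group(2))})
            continue
        m = ACTION.match(line)
        if m and policies and "dir" not in policies[-1]:
            policies[-1].update(dir=m.group(1), action=m.group(2))
    return policies

def parse_error(line):
    """Extract (src, dst, direction) from a 'no policy found' log line."""
    src, dst, direction = NO_POLICY.search(line).groups()
    return ipaddress.ip_network(src), ipaddress.ip_network(dst), direction

def covering_policies(policies, src, dst, direction):
    """ipsec policies in `direction` whose prefixes contain src and dst (assumed rule)."""
    return [p for p in policies
            if p["dir"] == direction and p["action"] == "ipsec"
            and src.subnet_of(p["src"]) and dst.subnet_of(p["dst"])]

if __name__ == "__main__":
    print(covering_policies(parse_spd(SETKEY_DP), *parse_error(RACOON_ERROR)))
```

For the values in the post the result is an empty list: the only inbound ipsec policy has source 172.20.0.0/16, which does not contain 2.2.2.2/32.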