Good morning Ryan,
Can you send the PIX debugs as well? I think you are right, this
looks like a phase 1 setup problem; it may be that PF and the PIX are
having trouble playing nice on the negotiation of your current phase 1
params. If you send the PIX debugs I think I will have a better idea
of where the negotiation is failing. Also, did you try different hash
and encryption algs for phase 1 as a test?
Wade B
On 10/14/06, J. Ryan Earl <[EMAIL PROTECTED]> wrote:
I'm trying out a pfSense based firewall for my local office, and I'm
trying to set up a VPN to a Cisco PIX 515e in one of our production
datacenters. I believe I am encountering some sort of error on the
pfSense firewall. Stage1 exchange continually times out. I've
quadruple checked all of the VPN parameters on both sides and they are
consistent. I notice whenever I "apply" VPN changes I get the following
errors at the beginning of the VPN system log:
Oct 14 11:19:53 racoon: INFO: @(#)ipsec-tools 0.6.6 (http://ipsec-tools.sourceforge.net)
Oct 14 11:19:53 racoon: INFO: @(#)This product linked OpenSSL 0.9.7e-p1 25 Oct 2004 (http://www.openssl.org/)
Oct 14 11:19:53 racoon: INFO: fe80::1%lo0[500] used as isakmp port (fd=13)
Oct 14 11:19:53 racoon: INFO: ::1[500] used as isakmp port (fd=14)
Oct 14 11:19:53 racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=15)
Oct 14 11:19:53 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Oct 14 11:19:53 racoon: INFO: 192.168.2.254[500] used as isakmp port (fd=16)
Oct 14 11:19:53 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Oct 14 11:19:53 racoon: INFO: fe80::250:daff:fe28:ca4%xl2[500] used as isakmp port (fd=17)
Oct 14 11:19:53 racoon: INFO: 216.62.203.233[500] used as isakmp port (fd=18)
Oct 14 11:19:53 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Oct 14 11:19:53 racoon: INFO: fe80::201:2ff:fe3f:58a7%xl1[500] used as isakmp port (fd=19)
Oct 14 11:19:53 racoon: INFO: 209.198.142.210[500] used as isakmp port (fd=20)
Oct 14 11:19:53 racoon: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
Oct 14 11:19:53 racoon: INFO: fe80::201:2ff:fe3c:a553%xl0[500] used as isakmp port (fd=21)
I'm thinking this is the root cause of my problem, not a difference in
configuration between the VPN tunnel end-points. Does anyone know what
would cause this and how to fix it?
Thanks in advance,
-ryan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
"Integrity is more important than perception management"
"There are two kinds of pain, the pain of change and the pain of never changing"