Hi, I am setting up a new site-site connection. I have already established two working connections at other sites in the same config file;
I received the following status output for the connection that is failing. It appears to be failing in phase 2. They are looking for tunnel mode, 3DES, SHA-1, DH Group 2. Anyone familiar with the error "STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT"?

Thanks!
Mark

000 "xyz-0": 10.0.10.10/32===10.0.10.10[50.60.11.50]---10.0.10.1...10.0.10.1---146.12.15.23[192.168.11.15]===172.16.1.52/32; unrouted; eroute owner: #0
000 "xyz-0": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 #2: "xyz-0" STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT in 1s
000 #2: pending Phase 2 for "xyz-0" replacing #0

--- COMPLETE STATUS OUTPUT

000 "xyz-0": 10.0.10.10/32===10.0.10.10[50.60.11.50]---10.0.10.1...10.0.10.1---146.12.15.23[192.168.11.15]===172.16.1.52/32; unrouted; eroute owner: #0
000 "xyz-0": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "abc-1": 10.0.10.10/32===10.0.10.10[50.60.11.50]---10.0.10.1...10.0.10.1---210.4.6.18[192.168.51.51]===172.16.53.39/32; erouted; eroute owner: #3
000 "abc-1": newest ISAKMP SA: #0; newest IPsec SA: #3;
000 "abc-2": 10.0.10.10/32===10.0.10.10[50.60.11.50]---10.0.10.1...10.0.10.1---210.4.6.18[192.168.51.51]===172.16.53.40/32; erouted; eroute owner: #4
000 "abc-2": newest ISAKMP SA: #1; newest IPsec SA: #4;
000
000 #2: "xyz-0" STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT in 1s
000 #2: pending Phase 2 for "xyz-0" replacing #0
000 #3: "abc-1" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 85430s; newest IPSEC; eroute owner
000 #3: "abc-1" [email protected] (0 bytes) [email protected] (0 bytes); tunnel
000 #4: "abc-2" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 85640s; newest IPSEC; eroute owner
000 #4: "abc-2" [email protected] (0 bytes) [email protected] (0 bytes); tunnel
000 #1: "abc-2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 85399s; newest ISAKMP
000
Security Associations: none

CONFIG

conn xyz-0
    # Connection Security Parameters
    type=tunnel
    auth=esp
    ike=3des-md5-modp1024
    esp=3des-sha1-modp1024
    pfs=no
    forceencaps=yes
    ikelifetime=28800s
    keylife=28800s
    # Left security gateway, subnet behind it, nexthop toward right.
    left=10.0.10.10
    leftid=50.60.11.50
    leftsubnet=10.0.10.10/32
    leftnexthop=%defaultroute
    # Right security gateway, subnet behind it, nexthop toward left.
    right=146.12.15.23
    rightid=192.168.11.15
    rightsubnet=172.16.1.52/32
    rightnexthop=%defaultroute
    # To authorize this connection, but not actually start it,
    # at startup, uncomment this.
    auto=start
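
An added example, not part of the original post: a small parser for the SA state lines in the status output above that reports which IKEv1 phase each state belongs to and which negotiations are still retransmitting. It assumes the pluto naming convention that STATE_MAIN_* is Phase 1 (Main Mode) and STATE_QUICK_* is Phase 2 (Quick Mode); the function names are hypothetical.

```python
import re

# State lines copied from the status output in the post above.
SAMPLE = """\
000 #2: "xyz-0" STATE_MAIN_I3 (sent MI3, expecting MR3); EVENT_RETRANSMIT in 1s
000 #2: pending Phase 2 for "xyz-0" replacing #0
000 #3: "abc-1" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 85430s; newest IPSEC; eroute owner
000 #4: "abc-2" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 85640s; newest IPSEC; eroute owner
000 #1: "abc-2" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 85399s; newest ISAKMP
"""

# SA state line: serial, connection name, state, detail text, next event.
STATE_RE = re.compile(
    r'^000 #(?P<sa>\d+): "(?P<conn>[^"]+)" '
    r'(?P<state>STATE_(?P<mode>MAIN|QUICK)_[IR]\d) '
    r'\((?P<detail>[^)]*)\); (?P<event>EVENT_\w+)')
PENDING_RE = re.compile(r'^000 #\d+: pending Phase 2 for "([^"]+)"')
PHASE = {"MAIN": 1, "QUICK": 2}  # assumption: Main Mode = phase 1, Quick Mode = phase 2


def parse_states(text):
    """Return one dict per SA state line; all other lines are skipped."""
    states = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            states.append({
                "sa": int(m["sa"]), "conn": m["conn"], "state": m["state"],
                "phase": PHASE[m["mode"]], "event": m["event"],
                # The status text itself says when an SA is up.
                "established": "SA established" in m["detail"],
            })
    return states


def stuck_negotiations(text):
    """List (conn, phase, state, phase2_pending) for SAs still retransmitting."""
    pending = set()
    for line in text.splitlines():
        m = PENDING_RE.match(line.strip())
        if m:
            pending.add(m.group(1))
    return [(s["conn"], s["phase"], s["state"], s["conn"] in pending)
            for s in parse_states(text)
            if not s["established"] and s["event"] == "EVENT_RETRANSMIT"]


if __name__ == "__main__":
    for conn, phase, state, waiting in stuck_negotiations(SAMPLE):
        print(f"{conn}: phase {phase} at {state}, phase 2 pending={waiting}")
```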
