On 2/11/2010 7:58 AM, Alexis La Goutte wrote: > Hi All > > I made a test with a FVS336G with the latest firmware available > > and I have the same problem. > > I analysed IKE trace and i see the router send a ISAKMP_CFG_SET(3) in > Config Mode to reply a ISAKMP_CFG_REQUEST (frame 5 and 6 of Michal > packet capture). > > I am not an expert IPsec but I think it's a bug of router > > Matthew you confirm? >
I agree with your assessment. The client sends a ISAKMP_CFG_REQUEST which should be answered with a ISAKMP_CFG_REPLY. Instead its sends a ISAKMP_CFG_SET. This is clearly defined in section (2) of the modecfg draft doc ... http://tools.ietf.org/id/draft-ietf-ipsec-isakmp-mode-cfg-05.txt Your best bet is to take this up with Netgear. They use ipsec-tools racoon ike daemon under the hood. However, they are probably using a very old version or have made some local patches that break things. -Matthew _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
