From further investigation I believe that what is happening is that the
Linksys is expecting to see the shared key, but it does not send out the
shared key... However the client software is expecting to both send and
receive the shared key, and doesn't seem to have an option to allow this to
be only one way.

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of Kevin VPN
Sent: Wednesday, March 14, 2012 7:04 PM
To: [email protected]
Subject: Re: [vpn-help] connect to befsx41


On 03/14/2012 04:34 PM, Bill Wallick wrote:
> I am getting an "invalid hash size". Can anyone shed some light on this???
> Here is the log.
>
> 12/03/14 12:14:45<<  : security association payload
> 12/03/14 12:14:45<<  : - propsal #1 payload
> 12/03/14 12:14:45<<  : -- transform #1 payload
> 12/03/14 12:14:45 ii : matched isakmp proposal #1 transform #1
> 12/03/14 12:14:45 ii : - transform    = ike
> 12/03/14 12:14:45 ii : - cipher type  = 3des
> 12/03/14 12:14:45 ii : - key length   = default
> 12/03/14 12:14:45 ii : - hash type    = md5
> 12/03/14 12:14:45 ii : - dh group     = modp-1024
> 12/03/14 12:14:45 ii : - auth type    = psk
> 12/03/14 12:14:45 ii : - life seconds = 3600
> 12/03/14 12:14:45 ii : - life kbytes  = 0
> 12/03/14 12:14:45<<  : key exchange payload
> 12/03/14 12:14:45<<  : nonce payload
> 12/03/14 12:14:45<<  : identification payload
> 12/03/14 12:14:45 ii : phase1 id target is any
> 12/03/14 12:14:45 ii : phase1 id match
> 12/03/14 12:14:45 ii : received = ipv4-host 192.168.0.10
> 12/03/14 12:14:45<<  : hash payload
> 12/03/14 12:14:45 !! : invalid hash size ( 0 != 16 )
>

Hi Bill,

I'm not sure what is causing this message.  My guess would be that there
is still something mismatched in the settings.  Perhaps the BEFSX41 uses
SHA1 Hash Algorithm instead of MD5.

Another possibility is that Shrew is expecting one kind of message from
the Linksys (identification payload) but the VPN gateway is sending
something different.

For example, maybe it does not recognize the Shrew client because the
Authentication->Local Identity in Shrew does not match what is configured
in the BEFSX41 for the remote site/client.

So while Shrew is waiting for the next packet in the connect sequence,
the BEFSX41 is sending back an "unrecognized peer" message.

Can you look on the Cisco/Linksys box to see what its logs say?
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
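
An added example, not part of the thread and not Shrew's own code: a size check on an ISAKMP hash payload (RFC 2408 generic payload header) against the negotiated hash algorithm, showing which payloads would give a message like the "invalid hash size ( 0 != 16 )" line in the log above. It assumes the log prints the received size first and the expected size second; the function names and sample payloads are constructed for illustration.

```python
import struct

# Digest sizes in bytes for the two phase 1 hash algorithms named in the thread.
HASH_SIZES = {"md5": 16, "sha1": 20}


def parse_generic_payload(buf, offset=0):
    """Split one ISAKMP payload into (next_payload, body, next_offset).

    Generic header: next payload (1 byte), reserved (1 byte),
    payload length (2 bytes, big-endian, header included).
    """
    if len(buf) - offset < 4:
        raise ValueError("truncated payload header")
    next_payload, _reserved, length = struct.unpack_from("!BBH", buf, offset)
    if length < 4 or offset + length > len(buf):
        raise ValueError("bad payload length %d" % length)
    return next_payload, buf[offset + 4:offset + length], offset + length


def check_hash_payload(buf, negotiated_hash):
    """Return (ok, message) for a hash payload against the negotiated algorithm."""
    expected = HASH_SIZES[negotiated_hash]
    _next, body, _end = parse_generic_payload(buf)
    if len(body) != expected:
        # Message format imitates the log line quoted in the thread.
        return False, "invalid hash size ( %d != %d )" % (len(body), expected)
    return True, "hash size ok"


# Constructed sample payloads (not captured from a BEFSX41).
EMPTY_HASH = bytes([0, 0, 0, 4])               # header only, no digest bytes
MD5_SIZED = bytes([0, 0, 0, 20]) + bytes(16)   # 16-byte body
SHA1_SIZED = bytes([0, 0, 0, 24]) + bytes(20)  # 20-byte body

if __name__ == "__main__":
    samples = [("empty", EMPTY_HASH), ("md5-sized", MD5_SIZED),
               ("sha1-sized", SHA1_SIZED)]
    for name, payload in samples:
        print(name, check_hash_payload(payload, "md5"))
```

Under these assumptions, a peer hashing with SHA1 while MD5 was negotiated would report a size of 20, while a size of 0 corresponds to a hash payload that carries a header and no digest.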


