All,
Thanks for your input. I got the tunnel up and running. After taking several suggestions I decided to switch to main mode and set the right side to dynamic. Also, when using dynamic, even as a termination point, auto is set to "add".

version 2.0

config setup
    interfaces="ipsec0=eth0"
    hidetos=yes

conn clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn private-or-clear
    auto=ignore

conn private
    auto=ignore

conn block
    auto=ignore

conn packetdefault
    auto=ignore

conn peer-0.0.0.0-tunnel-1
    left=1.1.1.1
    right=%any
    rekey=no
    leftsubnet=192.168.12.0/24
    rightsubnet=192.168.10.0/24
    ike=3des-md5,3des-sha1
    ikelifetime=28800s
    aggrmode=no
    esp=3des-md5,3des-sha1
    keylife=1800s
    rekeymargin=540s
    type=tunnel
    pfs=yes
    compress=no
    authby=secret
    auto=add

Carlos Dunmoodie
Network Engineer
Engineering
Office: (301) 944-2896
Cell: (443) 864-9822

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ken Felix
Sent: Thursday, February 07, 2008 5:21 PM
To: vyatta-users@mailman.vyatta.com
Subject: [Vyatta-users] IPSec Termination

My take, the remote peer is not recognized. Do you have an appropriate PSK key in the ipsec.secrets file?

fwiw: I would create a default setting and apply all of your settings for things like this in the default profile

conn %default
    left=aaa.bbb.ccc.dd
    leftnexthop=aaa.bbb.ccc.eee
    dpddelay=5
    dpdtimeout=5
    dpdaction=hold
    pfs=no
    auth=esp
    authby=secret
    compress=yes
    aggrmode=yes
    etc.....

_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
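
Added example, not part of either message in this thread: a small Python check that resolves conn %default inheritance in an Openswan-style ipsec.conf and compares each right=%any connection with the settings reported working above (aggrmode=no, auto=add). The sample file, the connection names peer-a and peer-b, and the function names are constructed for illustration; it assumes %default values are copied into every conn that does not set the parameter itself.

```python
# Constructed sample: a %default section that turns on aggressive mode,
# one conn that overrides it and one that silently inherits it.
SAMPLE = """\
version 2.0
config setup
    interfaces="ipsec0=eth0"
conn %default
    authby=secret
    aggrmode=yes
conn peer-a
    left=192.0.2.1
    right=%any
    aggrmode=no
    auto=add
conn peer-b
    left=192.0.2.1
    right=%any
    auto=start
"""

def parse_conns(text):
    """Return {conn_name: {param: value}} with conn %default merged in."""
    conns, defaults, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header at column 0
            words = line.split()
            current = None                        # ignore "version", "config setup"
            if words[0] == "conn" and len(words) == 2:
                current = defaults if words[1] == "%default" else conns.setdefault(words[1], {})
        elif current is not None and "=" in line:  # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    # Assumption: a conn's own value wins over the %default value.
    return {name: {**defaults, **params} for name, params in conns.items()}

def check_dynamic_peers(conns):
    """Flag right=%any conns that differ from the working setup in the thread."""
    findings = []
    for name, p in sorted(conns.items()):
        if p.get("right") != "%any":
            continue
        if p.get("auto") != "add":
            findings.append((name, f"auto={p.get('auto')}; thread uses auto=add with right=%any"))
        if p.get("aggrmode") == "yes":
            findings.append((name, "aggrmode=yes in effect; thread switched to main mode"))
    return findings

if __name__ == "__main__":
    for name, msg in check_dynamic_peers(parse_conns(SAMPLE)):
        print(f"{name}: {msg}")
```

The peer-b case shows why the effective settings matter: the conn never mentions aggrmode, yet inherits aggrmode=yes from %default.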