All,
Thanks for your input. I got the tunnel up and running. After taking
several suggestions I decided to switch to main mode and set the right
side to dynamic. Also when using dynamic even as a termination point
auto is set to "add".
version 2.0
config setup
interfaces="ipsec0=eth0"
hidetos=yes
conn clear
auto=ignore
conn clear-or-private
auto=ignore
conn private-or-clear
auto=ignore
conn private
auto=ignore
conn block
auto=ignore
conn packetdefault
auto=ignore
conn peer-0.0.0.0-tunnel-1
left=1.1.1.1
right=%any
rekey=no
leftsubnet=192.168.12.0/24
rightsubnet=192.168.10.0/24
ike=3des-md5,3des-sha1
ikelifetime=28800s
aggrmode=no
esp=3des-md5,3des-sha1
keylife=1800s
rekeymargin=540s
type=tunnel
pfs=yes
compress=no
authby=secret
auto=add
Carlos Dunmoodie
Network Engineer
Engineering
Office: (301) 944-2896
Cell: (443) 864-9822
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of ken Felix
Sent: Thursday, February 07, 2008 5:21 PM
To: vyatta-users@mailman.vyatta.com
Subject: [Vyatta-users] IPSec Termination
My take, the remote peer is not recognized. Do you have an appropiate
PSK key in the ipsec.secrets file ?
fwiw: I would create a default setting and apply all of your setting
for things like this in the default profile
conn %default
left=aaa.bbb.ccc.dd
leftnexthop=aaa.bbb.ccc.eee
dpddelay=5
dpdtimeout=5
dpdaction=hold
pfs=no
auth=esp
authby=secret
compress=yes
aggrmode=yes
etc.....
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
_______________________________________________
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
