PIX & IPSec to FreeBSD
- From
- Andrew Lutov (2:5000/26)
- To
- All (2:5054/37.63)
- Date
- 2006-03-11T16:54:20Z
- Area
- RU.CISCO
From: "Andrew Lutov" <andrew_l @ newmail.ru>
Hello, All!
For some reason it doesn't work :(
Everything was fine on the test setup, but after moving to production
it does not come up. The remote end (FreeBSD, address 2.7.3.243) is not mine.
The debug log from the PIX (address 2.7.0.103) is as follows:
ISAKMP (0): beginning Main Mode exchange
crypto_isakmp_process_block:src:2.7.3.243, dest:2.7.0.103 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): beginning Main Mode exchange
ISAKMP: encryption 3DES-CBC
ISAKMP: hash SHA
ISAKMP: default group 2
ISAKMP: auth pre-share
ISAKMP: life type in seconds
ISAKMP: life duration (basic) of 43200
ISAKMP (0): atts are acceptable. Next payload is 0
ISAKMP (0): processing vendor id payload
ISAKMP (0): SA is doing pre-shared key authentication using id type ID_FQDN
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:2.7.3.243, dest:2.7.0.103 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
ISAKMP (0): processing vendor id payload
ISAKMP (0): ID payload
next-payload : 8
type : 2
protocol : 17
port : 500
length : 19
ISAKMP (0): Total payload length: 23
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:2.7.3.243, dest:2.7.0.103 spt:500 dpt:500
ISAKMP: sa not found for ike msg
ISAKMP (0): retransmitting phase 1 (0)...
ISAKMP (0): retransmitting phase 1 (1)...
ISAKMP (0): retransmitting phase 1 (2)...
ISAKMP (0): retransmitting phase 1 (3)...
crypto_isakmp_process_block:src:2.7.3.243, dest:2.7.0.103 spt:500 dpt:500
ISAKMP: phase 1 packet is a duplicate of a previous packet
crypto_isakmp_process_block:src:2.7.3.243, dest:2.7.0.103 spt:500 dpt:500
ISAKMP: sa not found for ike msg
crypto_isakmp_process_block:src:2.7.3.243, dest:2.7.0.103 spt:500 dpt:500
ISAKMP: phase 1 packet is a duplicate of a previous packet
ISAKMP: resending last response
crypto_isakmp_process_block:src:2.7.3.243, dest:2.7.0.103 spt:500 dpt:500
ISAKMP: sa not found for ike msg
ISAKMP (0): deleting SA: src 2.7.0.103, dst 2.7.3.243
ISADB: reaper checking SA 0x10ba5bc, conn_id = 0 DELETE IT!
VPN Peer:ISAKMP: Peer Info for 2.7.3.243/500 not found - peers:0
crypto_isakmp_process_block:src:212.17.3.243, dest:212.17.0.103 spt:500 dpt:500
ISAKMP: sa not found for ike msg
crypto_isakmp_process_block:src:212.17.3.243, dest:212.17.0.103 spt:500 dpt:500
ISAKMP: sa not found for ike msg
crypto_isakmp_process_block:src:212.17.3.243, dest:212.17.0.103 spt:500 dpt:500
ISAKMP: sa not found for ike msg
What could it be? Did the keys not match, or is racoon acting up?
(restarting racoon is not possible today)
PS: Earlier a tunnel was set up from an ordinary Cisco to the same FreeBSD and
everything came up fine.
--
We'll hardly see each other again
--- ifmail v.2.14.os-p7
* Origin: Garant-Siberia fidonet station (2:5000/26@fidonet)
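An added example (not part of the original post and not the author's or Cisco's code): a small triage of the PIX ISAKMP debug output quoted above, reporting how far the IKEv1 Main Mode exchange got from the initiator's side. The mapping of debug lines to Main Mode message numbers is this example's reading of the log against the RFC 2409 message order, and `SAMPLE`, `STEPS` and `triage` are hypothetical names.

```python
import re

# Constructed sample: lines abridged from the debug output quoted in the post.
SAMPLE = """\
ISAKMP (0): beginning Main Mode exchange
crypto_isakmp_process_block:src:2.7.3.243, dest:2.7.0.103 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing SA payload. message ID = 0
ISAKMP (0): atts are acceptable. Next payload is 0
crypto_isakmp_process_block:src:2.7.3.243, dest:2.7.0.103 spt:500 dpt:500
OAK_MM exchange
ISAKMP (0): processing KE payload. message ID = 0
ISAKMP (0): processing NONCE payload. message ID = 0
ISAKMP (0): ID payload
ISAKMP (0): Total payload length: 23
crypto_isakmp_process_block:src:2.7.3.243, dest:2.7.0.103 spt:500 dpt:500
ISAKMP: sa not found for ike msg
ISAKMP (0): retransmitting phase 1 (0)...
ISAKMP (0): retransmitting phase 1 (1)...
ISAKMP (0): deleting SA: src 2.7.0.103, dst 2.7.3.243
"""

# Assumed mapping: debug line -> IKEv1 Main Mode step, seen from the initiator.
STEPS = [
    (r"beginning Main Mode exchange", 1, "MM1 sent (SA proposal)"),
    (r"processing SA payload", 2, "MM2 received (SA accepted by peer)"),
    (r"processing KE payload", 4, "MM4 received (KE/NONCE from peer)"),
    (r"ISAKMP \(\d+\): ID payload", 5, "MM5 built (ID, encrypted)"),
]

def triage(log):
    reached, label = 0, "no Main Mode activity"
    retransmits = orphans = 0
    deleted = False
    for line in log.splitlines():
        for pattern, step, text in STEPS:
            if re.search(pattern, line) and step > reached:
                reached, label = step, text
        retransmits += bool(re.search(r"retransmitting phase 1", line))
        orphans += "sa not found for ike msg" in line
        deleted |= "deleting SA" in line
    # MM5 built, then retransmitted until the SA is reaped: no usable MM6 arrived.
    stalled_at_auth = reached == 5 and retransmits > 0 and deleted
    return {"reached": reached, "label": label, "retransmits": retransmits,
            "orphans": orphans, "deleted": deleted, "stalled_at_auth": stalled_at_auth}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The `stalled_at_auth` flag only says that Phase 1 stopped after MM5 was built; it does not tell a pre-shared key mismatch apart from an identity mismatch or a fault on the peer.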