 From:  Louis <m0n0 dot ch at hourfollowshour dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPSec over wireless to m0n0 (cisco VPN client)
 Date:  Fri, 10 Dec 2004 23:55:17 -0500
I am trying to use the Cisco VPN client for version 4.0.3 to connect to 
m0n0wall over a wireless link to the same m0n0wall box's LAN subnet. 
Does the Cisco VPN client even work w/M0n0wall?

I set up the IPSec config per the instructions here:
http://m0n0.ch/wall/docbook/faq.html#id2601928

Firewall:
v1.2b3 net4521 + 2511 CD PLUS EXT2
WAN  - 192.168.1.200
LAN  - 192.168.3.1
OPT1 - 10.10.10.1 (wi / wireless interface)

Client:
Windows XP - Cisco VPN Client (4.0.3)
IP: 10.10.10.199

I also have the firewall open for UDP 500 from the OPT1 (wi) interface 
to the LAN.

I have the client configured as follows:
- There is a Group Authentication section with a Name/Password field
  (does this = pre-shared ID/key?)
- IPSec over UDP (NAT / PAT)
(there aren't many other options)

On the client side I see "The remote peer does not support the required 
VPN client protocol."  On the server side I see in Logs -> System:
Dec 10 23:48:04 	racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new phase 1 negotiation: 192.168.3.1[500]<=>10.10.10.199[500]

Dec 10 23:48:04 	racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin Aggressive mode.

Dec 10 23:48:07 	racoon: WARNING: isakmp_inf.c:1345:isakmp_check_notify(): ignore INITIAL-CONTACT notification, because it is only accepted after phase1.

Dec 10 23:48:07 	racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established 192.168.3.1[500]-10.10.10.199[500] spi:e8c18f009f2dd3a4:8bf9165015271d5e

Dec 10 23:48:07 	racoon: ERROR: isakmp_inf.c:1244:isakmp_info_recv_d(): delete payload with invalid doi:0.

Any ideas would be appreciated.

Louis