Jesse Guardiani wrote:
> I'm attempting to set up an IPSec tunnel between a
> 1.11 box and a 1.2b3 box. My phase1 negotiation is
> working, but phase2 (ESP) fails. See below for the
> logs on the 1.2b3 machine (most recent first):
> Dec 14 09:49:51 racoon: ERROR: pfkey.c:804:pfkey_timeover():
> 220.127.116.11 give up to get IPsec-SA due to time up to wait.
> Dec 14 09:49:41 last message repeated 2 times
> Dec 14 09:49:21 racoon: ERROR: isakmp_inf.c:141:isakmp_info_recv():
> ignore information because the message has no hash payload.
> Dec 14 09:49:21 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate
> new phase 2 negotiation: 18.104.22.168<=>22.214.171.124
> I've double checked my configs, and they appear to be
> the same on both ends, with the exception of phase1
> pre-shared keys.
> Any ideas?
OK. The problem went away after I changed my "remote subnet" from:
I got the idea from this post:
This seems like an avoidable user error. Can't we make the webGUI
test the subnet and throw an error or auto-correct user mistakes?
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v) 423-559-5145 (f)