|
||||||||
> > Thanks in advance, > Chris > > racoon: ERROR: pfkey.c:804:pfkey_timeover(): xxx.xxx.xxx.xxx give up to > get IPsec-SA due to time up to wait. > racoon: ERROR: isakmp_inf.c:840:isakmp_info_recv_n(): unknown notify > message, no phase2 handle found. > racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 > negotiation: xxx.xxx.xxx.xxx[0]<=>xxx.xxx.xxx.xxx[0] > racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established > xxx.xxx.xxx.xxx[500]-xxx.xxx.xxx.xxx[500] spi:blahblahblah > racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Identity > Protection mode. > racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 > negotiation: xxx.xxx.xxx.xxx[500]<=>xxx.xxx.xxx.xxx[500] > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch --------------------------------------------------------------------- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch ------------------------------------------------------------------------ ------------------------------------- This will get you started. He will need to put in the appropriate access-list 120 to send across the tunnel if he is a cisco guy he will understand this. crypto isakmp policy 11 encr 3des hash md5 authentication pre-share crypto isakmp key XXX address X.X.X.X no-xauth crypto ipsec transform-set myset esp-3des esp-md5-hmac crypto map clientmap 1 ipsec-isakmp set peer X.X.X.X set transform-set myset match address 120 Int s0/0 crypto map clientmap |