Identical remote networks on both sides??
Same settings ³My indentifier My IP² on both sides?

Check your settings, you¹ve to setup different networks and different ID¹s
for IPSec Tunnels..


Am 05.04.2005 10:52 Uhr schrieb "Pascal Simon" unter
<psi at netway dash solutions dot ch>:

> Hy all 
> 
> I've got trouble with setting up an IPSec tunnel between a m0n0wall and a
> Zyxel Prestige 653HWI router.
> 
> My current IPSec-setup is as follows:
> 
> Mode Tunnel 
> Disabled no 
> Auto-establish no
> Interface WAN 
> Local subnet LAN subnet
> Remote subnet 192.168.10.0/24
> Remote gateway 213.XXX.XXX.XXX
> 
> Phase 1 
> 
> Negotiation mode main
> My indentifier My IP
> Encryption algorithm 3DES
> Hash alg. SHA1 
> DH key group 1 
> Lifetime 28800 
> Pre-Shared Key "my KEY"
> 
> Phase 2 
> 
> Protocol ESP 
> Encryption algo. DES, 3DES
> Hash algo. SHA1, MD5
> PFS 1 
> Lifetime 28800 
> 
> I also made the same settings for the zyxel router.
> 
> If I try to ping a IP one the remote side (ping 192.168.10.1) the following
> entries appears in the Diagnostics/Logs/System - menu.
> 
> racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler.
> 
> racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed
> due to time up waiting for phase1. ESP 213.XXX.XXX.XXX->157.XXX.XXX.XXX
> 
> Thanks for your help.
> 
> Regards 
> 
> Pascal Simon 
> 
> P.S. m0n0wall is one of the best open-source-projects I've ever seen.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>