 From:  George Bourozikas <george at bourozikas dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC Problems
 Date:  Tue, 31 May 2005 08:51:19 -0400
On Tuesday 31 May 2005 08:48, James F. Newberry wrote:
> I just tried setting the MTU to 1400 with no luck.  Right now I have
> 2 monowall boxes hooked to my WAN side switch and they still can not
> create an IPSEC link between the two of them.  I have tried the setup
> guide in the Docs.  I have read as many posts as I could find.  Any
> other ideas?  Here is the log
>
> May 31 07:47:41 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
> May 31 07:47:41 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 64.233.146.34[500]<=>64.233.146.43[500]
> May 31 07:47:41 racoon: INFO: isakmp.c:1694:isakmp_post_acquire(): IPsec-SA request for 64.233.146.43 queued due to no phase1 found.
> May 31 07:47:33 racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler.
> May 31 07:47:33 racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 64.233.146.43->64.233.146.34
> May 31 07:47:18 racoon: ERROR: isakmp.c:1447:isakmp_ph1resend(): phase1 negotiation failed due to time up. d38c8163638cd5fa:0000000000000000
> May 31 07:47:02 racoon: INFO: isakmp.c:1713:isakmp_post_acquire(): request for establishing IPsec-SA was queued due to no phase1 found.
> May 31 07:46:49 racoon: INFO: isakmp.c:1791:isakmp_chkph1there(): delete phase 2 handler.
> May 31 07:46:49 racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 64.233.146.43->64.233.146.34
> May 31 07:46:18 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
>

Looking at your logs it seems that the tunnel is never established.  My 
problem was that big packets just got clipped but _after_ the tunnel 
was established.  I suspect that you have some mismatch in parameters 
at the two endpoints.

--george
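
Added example, not part of the original message: a small triage script that reads racoon log text and reports whether phase 1 ever completed, which is the distinction drawn in the reply above. The function name `triage`, the result keys, and the reading of an all-zero second cookie are assumptions of this example; `ISAKMP-SA established` is racoon's phase 1 success line and does not appear in the quoted log.

```python
import re

# Entries copied from the log quoted above, rejoined one per line.
SAMPLE_LOG = """\
May 31 07:47:41 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Aggressive mode.
May 31 07:47:41 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 64.233.146.34[500]<=>64.233.146.43[500]
May 31 07:47:33 racoon: ERROR: isakmp.c:1786:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 64.233.146.43->64.233.146.34
May 31 07:47:18 racoon: ERROR: isakmp.c:1447:isakmp_ph1resend(): phase1 negotiation failed due to time up. d38c8163638cd5fa:0000000000000000
"""

# level, then "file.c:line:function():", then the message text
ENTRY = re.compile(r"racoon: (INFO|ERROR): [\w.]+:\d+:\w+\(\): (.*)")
PEERS = re.compile(r"(\d+\.\d+\.\d+\.\d+)\[\d+\]<=>(\d+\.\d+\.\d+\.\d+)\[\d+\]")
COOKIES = re.compile(r"\b([0-9a-f]{16}):([0-9a-f]{16})\b")


def triage(log_text):
    """Report how far IKE got: counts per stage plus a one-line verdict."""
    r = {"ph1_attempts": 0, "ph1_timeouts": 0, "ph2_starved": 0,
         "ph1_established": 0, "no_reply_seen": False, "peers": set()}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        msg = m.group(2)
        if msg.startswith("initiate new phase 1 negotiation"):
            r["ph1_attempts"] += 1
            p = PEERS.search(msg)
            if p:
                r["peers"].add(p.groups())
        elif msg.startswith("phase1 negotiation failed due to time up"):
            r["ph1_timeouts"] += 1
            c = COOKIES.search(msg)
            # IKEv1: the responder supplies the second cookie. All zeros is
            # read here as "no reply from the peer was recorded" (assumption).
            if c and int(c.group(2), 16) == 0:
                r["no_reply_seen"] = True
        elif msg.startswith("phase2 negotiation failed due to time up waiting for phase1"):
            r["ph2_starved"] += 1
        elif msg.startswith("ISAKMP-SA established"):  # success line, not in the quoted log
            r["ph1_established"] += 1
    if r["ph1_established"]:
        r["verdict"] = "phase 1 completed; look at phase 2 or traffic (e.g. MTU)"
    elif r["ph1_timeouts"]:
        r["verdict"] = "phase 1 never completed; check UDP 500 reachability and phase 1 settings on both ends"
    else:
        r["verdict"] = "no phase 1 outcome logged"
    return r


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```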