In the IPsec tunnel configuration, if I set the "Remote Subnet" to a single
host such as 220.127.116.11/32, I never get phase 1 negotiation to
complete; essentially the tunnel fails. I get an sainfo error.
If I set it to 18.104.22.168/24 or 22.214.171.124/24, phase 1
completes as seen below, but phase 2 always receives the following error.
Anyone got any clues?

Jan 11 13:53:09 racoon: INFO: initiate new phase 1 negotiation:
Jan 11 13:53:09 racoon: INFO: begin Aggressive mode.
Jan 11 13:53:09 racoon: INFO: received Vendor ID: CISCO-UNITY
Jan 11 13:53:09 racoon: INFO: received Vendor ID: DPD
Jan 11 13:53:09 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jan 11 13:53:09 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Jan 11 13:53:09 racoon: INFO: ISAKMP-SA established
Jan 11 13:53:10 racoon: INFO: initiate new phase 2 negotiation:
Jan 11 13:53:10 racoon: ERROR: unknown notify message, no phase2 handle
Jan 11 13:53:40 racoon: ERROR: 64.x.x.19 give up to get IPsec-SA due to time up to wait.

For the life of me I can't get IPsec to work at all. If anyone has any
suggestions I would really appreciate it. It seems Monowall is just not
compatible with the CISCO-UNITY.
George Farris farrisg at mala dot bc dot ca