 From:  George Farris <farrisg at mala dot bc dot ca>
 To:  monowall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Remote subnet fails in ipsec when set to x.x.x.x/32
 Date:  Wed, 11 Jan 2006 14:28:04 -0800
In IPsec tunnel configuration if I set the "Remote Subnet" to a single
host such as 198.162.241.51/32  I never get phase 1 negotiation to
complete, essentially the tunnel fails.  I get an sainfo error.

If I set it to 198.162.241.51/24 or 198.162.241.0/24 the phase 1
completes as seen below but phase 2 always receives the following error.
Anyone got any clues?

Jan 11 13:53:09 racoon: INFO: initiate new phase 1 negotiation: 142.x.x.4[500]<=>64.x.x.19[500]
Jan 11 13:53:09 racoon: INFO: begin Aggressive mode.
Jan 11 13:53:09 racoon: INFO: received Vendor ID: CISCO-UNITY
Jan 11 13:53:09 racoon: INFO: received Vendor ID: DPD
Jan 11 13:53:09 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jan 11 13:53:09 racoon: NOTIFY: couldn't find the proper pskey, try to get one by the peer's address.
Jan 11 13:53:09 racoon: INFO: ISAKMP-SA established 142.x.x.4[500]-64.x.x.19[500] spi:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Jan 11 13:53:10 racoon: INFO: initiate new phase 2 negotiation: 142.x.x.4[0]<=>64.x.x.19[0]
Jan 11 13:53:10 racoon: ERROR: unknown notify message, no phase2 handle found.
Jan 11 13:53:40 racoon: ERROR: 64.x.x.19 give up to get IPsec-SA due to time up to wait.

For the life of me I can't get IPsec to work at all.  If anyone has any
suggestions I would really appreciate it.  It seems Monowall is just not
compatible with the CISCO-UNITY.

-- 
George Farris   farrisg at mala dot bc dot ca
Malaspina University-College
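
Added example, not part of the original message: a small Python helper that rejoins mail-wrapped racoon log text like the excerpt above into one entry per line and reports the last negotiation stage seen for each peer. It recognises only the racoon messages quoted in this post; the function names and stage labels are made up for the example, and the sample is an excerpt of the post's log with its mail wrapping kept.

```python
import re

# Excerpt of the log from the post, mail wrapping kept (addresses masked as posted).
SAMPLE_LOG = """\
Jan 11 13:53:09 racoon: INFO: initiate new phase 1 negotiation:
142.x.x.4[500]<=>64.x.x.19[500]
Jan 11 13:53:09 racoon: INFO: begin Aggressive mode. Jan 11 13:53:09
racoon: INFO: received Vendor ID: CISCO-UNITY
Jan 11 13:53:09 racoon: INFO: ISAKMP-SA established
142.x.x.4[500]-64.x.x.19[500] spi:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Jan 11 13:53:10 racoon: INFO: initiate new phase 2 negotiation:
142.x.x.4[0]<=>64.x.x.19[0]
Jan 11 13:53:10 racoon: ERROR: unknown notify message, no phase2 handle
found.
Jan 11 13:53:40 racoon: ERROR: 64.x.x.19 give up to get IPsec-SA due to
time up to wait.
"""

# Zero-width split point in front of every "Mon DD HH:MM:SS racoon: " prefix.
ENTRY_START = re.compile(r"(?=[A-Z][a-z]{2} \d{1,2} \d\d:\d\d:\d\d racoon: )")
PEER = r"([\w.]+)"  # also matches masked addresses such as 64.x.x.19
# Hypothetical stage labels, keyed on message texts that appear in the post.
STAGES = [
    ("phase1-started", re.compile(r"initiate new phase 1 negotiation: \S+<=>" + PEER + r"\[")),
    ("phase1-established", re.compile(r"ISAKMP-SA established \S+?\]-" + PEER + r"\[")),
    ("phase2-started", re.compile(r"initiate new phase 2 negotiation: \S+<=>" + PEER + r"\[")),
    ("phase2-timeout", re.compile(r"ERROR: " + PEER + r" give up to get IPsec-SA")),
]

def split_entries(text):
    """Undo mail wrapping, then cut the text at each timestamp prefix."""
    flat = " ".join(text.split())
    return [e.strip() for e in ENTRY_START.split(flat) if e.strip()]

def tunnel_stages(text):
    """Return {peer: last negotiation stage seen} for a racoon log excerpt."""
    state = {}
    for entry in split_entries(text):
        for stage, pattern in STAGES:
            m = pattern.search(entry)
            if m:
                state[m.group(1)] = stage  # later entries overwrite earlier ones
                break
    return state

def error_entries(text):
    """Return every entry logged at ERROR level, including ones naming no peer."""
    return [e for e in split_entries(text) if " racoon: ERROR: " in e]
```

Calling tunnel_stages(SAMPLE_LOG) reports phase2-timeout for peer 64.x.x.19, and error_entries(SAMPLE_LOG) returns the two ERROR entries.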