Tarun,
not sure if your setup will work, however, your local and remote subnets
should end with .0, since you are using the 24-bit mask.
i.e.
192.168.50.0 /24
192.168.10.0 /24
G
-----Original Message-----
From: "Tarun Kundhi" <tkundhi at inebraska dot com>
To: "m0n0wall list" <m0n0wall at lists dot m0n0 dot ch>
Date: Sun, 26 Feb 2006 20:36:49 -0600
Subject: [m0n0wall] site to site IPsec VPN, negotiation failed due to time
up
> I am trying to set up a site to site VPN using 2 monowalls. For testing
> I'm attempting to do this at one location with the remote monowall
> attached to the DMZ interface of the local monowall. Firewall rules
> exist on the local monowall to block DMZ traffic from reaching the LAN.
> So far I can't get the VPN to come up.
>
> Here is my configuration.
>
> local monowall
> WAN (DHCP assigned)
> LAN 192.168.10.1 /24
> DMZ 192.168.20.1 /24
> VPN interface DMZ
> local subnet LAN
> remote subnet 192.168.50.1 /24
> remote gateway 192.168.20.5
>
> remote monowall
> WAN 192.168.20.5 (static attached to switch on local monowall DMZ)
> LAN 192.168.50.1 /24
> VPN interface WAN
> local subnet LAN
> remote subnet 192.168.10.1 /24
> remote gateway 192.168.20.1
>
> I've checked my setup several times and even tried using different
> encryption algorithms (3DES & Blowfish). I also tried different
> identifiers (My IP address & Domain name) yet the error is always
> similar to the following.
>
> Feb 26 20:05:37 racoon: ERROR: phase1 negotiation failed due to
> time up. aa13091341f7f84a:0000000000000000
> Feb 26 20:05:08 racoon: INFO: delete phase 2 handler.
> Feb 26 20:05:08 racoon: ERROR: phase2 negotiation failed due to
> time up waiting for phase1. ESP 192.168.20.5[0]->192.168.20.1[0]
> Feb 26 20:04:37 racoon: INFO: begin Aggressive mode.
> Feb 26 20:04:37 racoon: INFO: initiate new phase 1 negotiation:
> 192.168.20.1[500]<=>192.168.20.5[500]
> Feb 26 20:04:37 racoon: INFO: IPsec-SA request for 192.168.20.5
> queued due to no phase1 found.
>
>
> Suggestions would be appreciated.
>
> Tarun
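An added example, not part of either message: a Python check of the two things visible in this thread, namely whether each typed remote subnet is a network address that matches the peer's LAN, and whether a racoon phase 1 timeout carries an all-zero responder cookie (the second half of the cookie pair, which stays zero until a reply from the peer has been processed). The dictionary layout and function names are assumptions made for the example; the addresses and the log line are copied from the post.

```python
import ipaddress
import re

# Values copied from the post; "local subnet LAN" is taken to mean the LAN
# interface's network (assumption).
BOXES = {
    "local monowall": {"lan": "192.168.10.1/24", "remote_subnet": "192.168.50.1/24"},
    "remote monowall": {"lan": "192.168.50.1/24", "remote_subnet": "192.168.10.1/24"},
}
# The phase 1 error from the post, with its wrapped line rejoined.
LOG = ("Feb 26 20:05:37 racoon: ERROR: phase1 negotiation failed due to "
       "time up. aa13091341f7f84a:0000000000000000\n")

TIMEOUT = re.compile(r"phase1 negotiation failed due to time up\. "
                     r"([0-9a-f]{16}):([0-9a-f]{16})")


def check_subnet(value):
    """Return (network in CIDR form, True if the typed address has host bits set)."""
    iface = ipaddress.ip_interface(value)
    return str(iface.network), iface.ip != iface.network.network_address


def check_tunnel(boxes):
    """Flag remote subnets with host bits set or not matching the peer's LAN."""
    findings = []
    (name_a, a), (name_b, b) = boxes.items()
    for name, cfg, peer in ((name_a, a, b), (name_b, b, a)):
        net, host_bits = check_subnet(cfg["remote_subnet"])
        if host_bits:
            findings.append(f"{name}: remote subnet {cfg['remote_subnet']} should be {net}")
        peer_lan, _ = check_subnet(peer["lan"])
        if net != peer_lan:
            findings.append(f"{name}: remote subnet {net} does not match peer LAN {peer_lan}")
    return findings


def unanswered_phase1(log):
    """Initiator cookies of phase 1 timeouts whose responder cookie is all zero."""
    return [m.group(1) for m in TIMEOUT.finditer(log) if set(m.group(2)) == {"0"}]


if __name__ == "__main__":
    for finding in check_tunnel(BOXES):
        print(finding)
    for cookie in unanswered_phase1(LOG):
        print(f"phase 1 {cookie}: responder cookie is zero, no reply from the peer was processed")
```

A zero responder cookie points at reachability of UDP port 500 between the two gateways (for instance firewall rules on the interface the tunnel is bound to) as something to check alongside the subnet values.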