I am running m0n0wall version 1.21 on a Soekris box.
I have a new customer that we want to establish a test connection with.
They have a CISCO 2000.
I get the following:
racoon: INFO: IPsec-SA request for <their IP> queued due to no phase1 found.
racoon: INFO: initiate new phase 1 negotiation: MyIP<=>Their IP
racoon: INFO: begin Identity Protection mode.
racoon: INFO: received broken Microsoft ID: FRAGMENTATION
racoon: INFO: received Vendor ID: CISCO-UNITY
racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
racoon: INFO: received Vendor ID: DPD
racoon: INFO: ISAKMP-SA established MyIP-TheirIP spi:90d912cb8576398f:ed32c3530b4b9ce0
racoon: INFO: initiate new phase 2 negotiation: MyIP<=>theirIP
racoon: ERROR: mismatched ID was returned.
racoon: ERROR: failed to pre-process packet.
racoon: ERROR: phase2 negotiation failed
The Diagnostics IPSEC SAD screen shows Source TheirIP, Destination MyIP is active.
I have the following configured:
Local subnet: Network 172.20.12.5/30 (This is my opt1 link)
Remote Subnet: 220.127.116.11/29
Remote Gateway: their IPAddress
Negotiation Mode: Main
My Identifier: My IP Address
Hash algorithm: MD5
DHKey Group: 2
Lifetime: not specified
Pre-Shared Key: confirmed OK
Encryption algorithms: 3DES
Hash algorithms: SHA1, MD5
PFS Key Group: off
LifeTime: not specified.
If I change the Remote IP Address or mask, phase 1 fails, so I assume these are correct.
Is the mismatched ID something to do with my local subnet and what has been specified on their side?
Is there any way of seeing what ID was actually sent?
Any advice would be much appreciated.
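
An added example, not part of the original post: a Python check of whether the two phase 2 subnets listed above are network-aligned, and what ID_IPV4_ADDR_SUBNET payload body (RFC 2407, section 4.6.2) each form encodes to. It assumes, without confirmation from the post, that one peer may use the value as typed while the other uses the masked network address; the function names are hypothetical.

```python
import ipaddress
import struct

ID_IPV4_ADDR_SUBNET = 4  # ID type value from RFC 2407, section 4.6.2.1


def id_payload_body(address, netmask, proto=0, port=0):
    """Encode ID type, protocol ID, port, then address and mask (IPsec DOI ID payload body)."""
    header = struct.pack("!BBH", ID_IPV4_ADDR_SUBNET, proto, port)
    return header + address.packed + netmask.packed


def audit(cidr):
    """Compare a subnet as typed with its masked (network-aligned) form."""
    iface = ipaddress.ip_interface(cidr)   # keeps any host bits that were typed
    net = iface.network                    # same prefix with host bits cleared
    typed = id_payload_body(iface.ip, iface.netmask)
    masked = id_payload_body(net.network_address, net.netmask)
    return {
        "configured": cidr,
        "network": str(net),
        "aligned": iface.ip == net.network_address,
        "typed_hex": typed.hex(),
        "masked_hex": masked.hex(),
        # A byte-wise difference here means the two forms are different IDs on the wire.
        "ids_differ": typed != masked,
    }


# Values copied from the configuration in the post.
SELECTORS = {"local": "172.20.12.5/30", "remote": "220.127.116.11/29"}

if __name__ == "__main__":
    for side, cidr in SELECTORS.items():
        r = audit(cidr)
        state = "aligned" if r["aligned"] else "host bits set"
        print(f"{side}: {r['configured']} -> {r['network']} ({state})")
        print(f"  ID body as typed: {r['typed_hex']}")
        print(f"  ID body masked:   {r['masked_hex']}")
```

If either subnet is reported with host bits set, comparing the exact network and mask configured on the remote device against these two forms is a reasonable first check.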