[ previous ] [ next ] [ threads ]
 
 From:  sylikc <sylikc at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0wall IPSec "not acceptable Agressive Mode"
 Date:  Thu, 22 Jul 2004 14:15:48 -0700 
Justin,

Phase 1 in m0n0wall is set to agressive.  Attached is the ipsec
section of my config.xml

(All I changed was the email/password details)


Thanks
/sylikc


On Thu, 22 Jul 2004 16:01:21 -0500, Justin Ellison
<justin at techadvise dot com> wrote:
> Is your Phase 1 negotiation mode on the m0n0wall set to aggressive?  If
> not, change it to aggressive.  Otherwise, post your relevant config.xml
> on the m0n0wall side.
> 
> Justin
> 
> 
> 
> On Thu, 2004-07-22 at 15:43, sylikc wrote:
> > Hi,
> >
> > I've been reading through all the threads regarding IPSec and I still
> > can't get my mobile IPSec going.
> >
> > I have m0n0wall configured exactly the way specified in the FAQ and I
> > am also using SoftRemoteLT.  However, whenever I connect, SoftRemoteLT
> > won't connect because it gives this error:
> >
> >  7-22: 12:53:44.280 My Connections\m0n0 - Initiating IKE Phase 1 (IP
> > ADDR=24.205.15.241)
> >  7-22: 12:53:44.592 My Connections\m0n0 - SENDING>>>> ISAKMP OAK AG
> > (SA, KE, NON, ID, VID 6x)
> >  7-22: 12:53:59.592 My Connections\m0n0 - message not received! Retransmitting!
> >  7-22: 12:53:59.592 My Connections\m0n0 - SENDING>>>> ISAKMP OAK AG
> > (Retransmission)
> >  7-22: 12:54:14.592 My Connections\m0n0 - message not received! Retransmitting!
> >  7-22: 12:54:14.592 My Connections\m0n0 - SENDING>>>> ISAKMP OAK AG
> > (Retransmission)
> >  7-22: 12:54:29.592 My Connections\m0n0 - message not received! Retransmitting!
> >  7-22: 12:54:29.592 My Connections\m0n0 - SENDING>>>> ISAKMP OAK AG
> > (Retransmission)
> >  7-22: 12:54:44.592 My Connections\m0n0 - Exceeded 3 IKE SA negotiation attempts
> >
> >
> >
> > So, I check the system logs and I see this error (repeated a few times):
> >
> > racoon: ERROR: isakmp.c:870:isakmp_ph1begin_r(): not acceptable Aggressive mode
> >
> >
> > I've tried a different version of SoftRemoteLT (9.2.1 and 10.3.3)
> > running different operating systems.
> >
> > I am running this client behind a NAT.  I know that SoftRemote
> > supports NAT-T, but does m0n0wall support NAT-T?  If not, that would
> > explain it...
> >
> > My setup is that I'm trying to connect back home from work, and most
> > corporate networks these days use all NAT-ed networks.
> >
> >
> > /sylikc
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> --
> Justin Ellison <justin at techadvise dot com>
> 
> 
>
config.xml (1.1 KB, text/xml)